Summary of feedback on Big data and data protection and ICO response
Contents

- Introduction
- Question 1
- Impacts and benefits; privacy impact assessments (PIAs)
- New approaches to data protection
- Legitimate interests
- Public sector
- EU General Data Protection Regulation (EU GDPR)
- Anonymisation
- Access to personal data
- Question 2
- Question 3
- Privacy engineering
- Technical security
- Privacy Impact Assessments
- Personal data services
- Terms and conditions
- Limiting data collection
- Actions to raise awareness
Introduction

Our paper on Big data and data protection was published on 28 July. It set out our understanding of the data protection issues raised by big data and contributed to the ongoing discussion of big data and privacy. The launch of the paper was widely reported across websites dealing with IT and information law. The House of Commons Science and Technology Committee quoted our paper in their report on Responsible use of data [1]. It was well received at the 36th International Conference of Data Protection and Privacy Commissioners and their Resolution on big data [2] reflected the approach we put forward in the paper.

The paper included three questions on which we invited feedback. We originally gave a deadline of 12 September 2014 for this but, recognising that more time was needed because of the summer holidays, we extended it to 17 October.

We received responses to the consultation from ten organisations. Four of these came from companies, two from trade associations, two from organisations dealing with information and privacy, one from the higher education sector and one from a media organisation. Most of the responses were detailed and lengthy, in some cases with references to other research and current projects. Some included paragraph-by-paragraph comments on our paper while others put forward more general arguments. This has provided us with a great deal of useful material, and we thank all those who gave their time in providing these responses.

In this document we are not able to list all the points made by every respondent, but we have picked out and discussed what we consider to be the key themes. There appears to be a consensus that the general approach we put forward in the paper is on the right lines, but there are many suggestions about changes of emphasis and new points that could be added. We will make some revisions to the paper and re-issue it in the light of this feedback in summer.

[1] House of Commons Science and Technology Committee. Responsible use of data. HC245. The Stationery Office Ltd, November. Accessed 6 February
[2] 36th International Conference of Data Protection and Privacy Commissioners. Resolution on big data. Conference, October. Accessed 6 February
Responses to questions

Question 1

Does this paper adequately reflect the data protection issues arising from big data or are there other relevant issues that are not covered here? If so, what are they?

Impacts and benefits; privacy impact assessments (PIAs)

A theme that emerged in a number of responses was the importance of assessing the impact of the analytics on individuals, and differentiating between levels of impact. For example, big data analytics may be used to offer a product to a consumer, but it was suggested that people would see this as less significant or sensitive than using it to make a decision about their application for life assurance. We'd broadly agree with this point. The importance of making a proper assessment of the benefits of the processing in question, and explaining this to data subjects, was also stressed.

Assessing impacts on and benefits to individuals is a key part of determining whether processing is fair. A central theme of our paper is the continuing relevance of the DPA principle of fairness. We are also pleased to note a number of respondents support our view of the role of PIAs. We discuss this further in relation to Question 3 below.

New approaches to data protection

In the paper, we consider the argument that big data requires a regulatory focus on how data is used, rather than on how it is collected. We argue that data protection principles are still relevant to big data analytics, and that it is still necessary to tell people about the processing through privacy notices. Most respondents agreed with our general position, although the difficulty of providing privacy information and of seeking consent in a big data context was recognised. One respondent argued that there should be equal focus on the use (or misuse) of data and that it is better to regulate at the point where the potential for harm is created.

We recognise the challenges of providing privacy notices. Some respondents mentioned the need to develop new ways of delivering these and we will continue to look for innovative examples of how to do this in a big data context.
Legitimate interests

One respondent suggested that the paper focussed too much on consent as a condition, and that it is not always practical to obtain this in a big data context. They suggested that the paper did not sufficiently recognise the relevance of the legitimate interests condition for processing personal data. They argued that this condition can authorise new uses of the data, since it provides that personal data may be processed if it is necessary for the legitimate interests of the data controller (or a third party) unless there is unwarranted prejudice to the rights, freedoms and legitimate interest of the data subject. This condition puts an emphasis on organisational accountability rather than individual responsibility for giving consent.

Our paper deals with consent at greater length than legitimate interests, partly because the former is an issue which is the subject of current debate in the context of big data. We did not mean to imply that consent is the only or the most important condition; any of the conditions listed in the Data Protection Act and the Data Protection Directive can legitimise the processing of personal data. The need to balance the legitimate interests of the data controller with the rights and freedoms of individuals is a key theme in our paper. We agree also that this is consistent with organisational accountability.

Public sector

One respondent noted that the paper was mainly focussed on private sector uses of big data, and commented that there are differences in the way that personal data is handled in public authorities, in that they often rely on conditions other than consent, and because of the potential role of the Senior Information Risk Owner (SIRO) in addressing data protection concerns.

While the paper makes some reference to public sector uses of big data, we accept that it does not directly address the differences between that and the private sector. This reflects the research carried out for the paper and the examples available to us. We will consider developing the theme of big data in the public sector in the new version of the paper.

EU General Data Protection Regulation (EU GDPR)

Several respondents felt that we should have said more about the possible impact of the proposed EU GDPR and its implications for big data.
In the paper we tried to show how the proposed provisions reflect some of the data protection issues posed by big data. However, we did not try to give a detailed commentary on the EU GDPR, since we have previously published commentaries on the draft versions and also because the proposals have not yet been agreed by the EU. If the EU GDPR is passed, guidance will have to be issued on any provisions relating to profiling, but it is premature to analyse further at this stage.

Anonymisation

Some respondents mentioned the role of anonymisation and said that big data used for the analysis of general trends is often anonymised, so that it is no longer personal data. At the same time it was also pointed out that the knowledge gained from analysing anonymised data can be used to make decisions that impact upon individuals, and we agree that this is the case.

Access to personal data

The paper discusses ways of facilitating people's access to their own data. It was pointed out that website interactions automatically generate a large amount of data, and it is important to enable people to see the major items of personal data held about them, rather than necessarily all of this data.

We agree that new ways of facilitating access to personal data should be a tool for transparency by enabling people to understand what data is held about them and how it is used. At the same time we must recognise that the subject access provisions of the DPA give data subjects a wide-ranging right to obtain their personal data.
Question 2

Should the ICO produce further guidance documents to help organisations that are doing big data analytics to meet data protection requirements? If so, what should they cover?

Suggestions made in response to this question included the following:

- The ICO should encourage organisations to undertake a cost benefit analysis as part of big data projects. This would include estimating in advance how useful the datasets are likely to be and then measuring and reviewing this once they are being used.
- Some respondents wanted to see more practical, technical guidance, including guidance on particular technologies. At the same time it was recognised that this is not necessarily a job for the ICO alone, and that industry has a role to play, for example in developing standardised categories to inform people of how their data is being used.
- One respondent wanted to see further guidance on what the EU GDPR means for big data analytics, once the Regulation is agreed.
- One respondent wanted to see more guidance on encryption and deletion of records in the cloud.
- One respondent wanted to see examples of how an organisation could communicate possible future uses of data in a privacy notice.
- One respondent suggested that the paper should be reorganised and reissued to improve usability and readability. Another suggested that it should be split into smaller separate documents on specific topics, to make it easier to read.

Our document on Big data and data protection was intended as a discussion paper, setting out our view of the data protection issues involved in big data. It was therefore a contribution to the growing debate, rather than a guidance document. We recognise that it was particularly long, and this was because we were trying to cover a large number of complex issues.

As noted at the beginning, we will publish a new version of the paper in the summer, with some revisions based on the comments received. After that, we envisage that any future work we do on big data is likely to be in the context of specific issues, as the need arises.

We welcome the recognition that there is a role for business and other organisations doing big data analytics to develop standards and guidance, and we are happy to support this.

We have started a review of our Privacy notices code of practice, and as part of this we will consider how the Code can reflect the issues discussed here about transparency in the context of big data. We expect that the review will be concluded by the end of June
Question 3

This paper refers to a number of practical measures and tools that can help to protect data privacy in the context of big data analytics: anonymisation, privacy impact assessments, privacy by design, privacy notices, data portability and privacy seals. Are other practical measures and tools needed? If so, what are they?

Respondents mentioned a number of measures and tools in response to this question:

Privacy engineering

One respondent pointed out that the paper mentions Privacy by Design but does not give practical advice on how to implement it. It was also argued that Privacy by Design is not just a legal question but an engineering one, and that the protection it gives is constrained by the technical architecture of the system. There is therefore a role for privacy engineering, which would involve bringing legal and policy people in an organisation together with technical experts to develop ethical approaches to designing systems. It was suggested that there is a role for the ICO in encouraging colleges and universities to build this into the curriculum, and also a role in providing technical guidance to, and working with, privacy engineers.

We agree that Privacy by Design involves using a range of organisational and technical measures, and that although some useful work has been done, which we reference in the paper, there is a need for more work and practical examples. One example we are working on is researching privacy enhancing technologies. The ICO's in-house capacity for developing technical solutions is limited, but we are happy to work with external technical experts, as we have done, for example, with the UK Anonymisation Network [3]. We will also consider how we can encourage the recognition of privacy and data protection issues in university IT and information management courses, which will often teach the techniques related to big data.

We are also active members of the newly formed Internet Privacy Engineering Network [4] (IPEN) and will continue to input into work on privacy by design solutions for big data at an international level.

[3] UK Anonymisation Network website. Accessed 6 February

Technical security

One respondent suggested that the measures and tools should include recognition of the role played by technical security measures in protecting personal data.

We agree that people are concerned not only about whether organisations are using their data in unexpected ways, but also whether they are keeping it securely. We will continue to emphasise the need for adequate security of personal data in any future work on big data.

Privacy Impact Assessments

Some respondents mentioned PIAs as a tool in making the assessment of impacts and benefits, and as a way of highlighting less privacy-intrusive methods. It was emphasised that these should not be used simply to rubber stamp a previously agreed plan.

We agree that PIAs are particularly important in the context of big data analytics. We will continue to promote our Privacy impact assessment code of practice which contains practical advice on how to do PIAs.

One respondent argued for the importance of privacy risk assessments: they can enable responsible decisions about data use, they place the burden of privacy protection on the organisation and they allow for flexibility in the application of the data protection principles.

We agree with these points and we think that the principles of a privacy risk assessment, as described, are very much in line with those of PIAs. We will liaise with key stakeholders to discuss the development of more specific PIA guidance on big data that uses the ICO PIA code as a framework. We would look to identify a sector, professional or industry body to take this work forward. This should also be supplemented by case studies.
Personal data services

One respondent suggested that we should say more about the role of personal data services (trusted third parties managing access to personal data on behalf of data subjects). We are aware of developments in this area, although we consider that at the moment there is a need for more pilot projects and practical examples to show their potential.

Terms and conditions

It was suggested that there is scope for developing simplified terms and conditions, based on agreed categories of data usage. This supports the points we have made about the need for innovation in delivering privacy notices.

Limiting data collection

One respondent said that there should be more emphasis on limiting data collection to that which is actually needed, and that this would reduce the amount of information that needs to be analysed and make it easier for people to understand what information has been collected.

Our paper addresses the issue of data minimisation and says that organisations need to be clear about what data they actually need for their purposes.

Actions to raise awareness

In order to raise awareness of the data protection risks, highlight case studies and best practice, and continue discussions about innovative privacy enhancing solutions we plan to hold a seminar on privacy and big data later in We will provide more details and ask for expressions of interest in due course. We intend this event to follow on from the planned sectoral work on PIAs.

[4] IPEN website. Accessed 6 February
More informationData Protection as a Competitive Differentiator. Getting ready for the General Data Protection Regulation
Data Protection as a Competitive Differentiator Getting ready for the General Data Protection Regulation ...For many online offerings which are presented or perceived as being free, personal information
More informationDigital Signatures and Interoperability
Setting Processes for Electronic Signature Dr. Joachim Schiff On behalf of the SPES Consortium Workgroup City of Saarbruecken IKS Nell-Breuning-Allee 1 D-66115 Saarbruecken Germany Tel. 0049 681 905 5000
More informationBigger Picture Telstra 2013 Sustainability Reporting Series. Customer experience
Bigger Picture Telstra 2013 Sustainability Reporting Series Customer experience PUTTING OUR CUSTOMERS AT THE CENTRE CONTENTS Highlights 03 Context 04 Customer service 05 Customer advocacy 05 Managing bill
More informationCloud (educational apps) software services and the Data Protection Act
Cloud (educational apps) software services and the Data Protection Act Departmental advice for local authorities, school leaders, school staff and governing bodies October 2014 Contents 1. Summary 3 About
More informationCompliance Review Department of Education, Training and Employment
Compliance Review Department of Education, Training and Employment Review of Department of Education, Training and Employment compliance with the Right to Information Act 2009 (Qld) and the Information
More informationCase Id: 0993d72f-a100-4bb7-862d-dfc55b7b69f1
Case Id: 0993d72f-a100-4bb7-862d-dfc55b7b69f1 Questionnaires on introducing the European Professional Card for nurses, doctors, pharmacists, physiotherapists, engineers, mountain guides and estate agents
More informationInternational Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine
International Privacy and Data Security Requirements Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine Aims of this Presentation. To provide a brief overview of
More informationEuropean Commission Green Public Procurement (GPP) Training Toolkit - Module 1: Managing GPP Implementation. Joint procurement.
European Commission Green Public Procurement (GPP) Training Toolkit - Module 1: Managing GPP Implementation Joint procurement Fact sheet Toolkit developed for the European Commission by ICLEI - Local Governments
More informationPublic Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner
Submission of the Office of the Data Protection Commissioner (DPC) on the data-sharing and Governance Bill: - Policy Proposals (dated the 1 st of August 2014) Public Consultation regarding Data Sharing
More informationAttitudes to Use of Social Networks in the Workplace and Protection of Personal Data
Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data David Haynes, City University, School of Informatics, Department of Information Science August 2011 Background Two surveys
More informationReview of Quality Assurance: Terms of Reference. Background
Review of Quality Assurance: Terms of Reference Background 1. The Quality Improvement Framework (QIF) consolidates previous work by the GMC on the quality assurance of basic medical education (QABME) and
More informationCaptain Compare Privacy Policy
Captain Compare Privacy Policy This Privacy Policy contains important information about the type of personal information we collect from you on the Captain Compare website (www.captaincompare.com.au) (Website),
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More informationThe European Qualifications Framework for Lifelong Learning (EQF)
European Qualifications Framework The European Qualifications Framework for Lifelong Learning (EQF) Europe Direct is a service to help you find answers to your questions about the European Union Freephone
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationNMBA Registered nurse standards for practice survey
Registered nurse standards for practice 1. Thinks critically and analyses nursing practice 2. Engages in therapeutic and professional relationships 3. Maintains fitness to practise and participates in
More informationGuidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment
Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment ("Cookie Order") 2nd version, April 2013 Preface...3 1. Introduction...5
More informationReport of the 2015 Big Data Survey. Prepared by United Nations Statistics Division
Statistical Commission Forty-seventh session 8 11 March 2016 Item 3(c) of the provisional agenda Big Data for official statistics Background document Available in English only Report of the 2015 Big Data
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationPCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES
PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial
More informationResponse to Justice Select Committee's Call for Evidence on the EU Data Protection Framework Proposals. Cloud Legal Project 17 August 2012
Response to Justice Select Committee's Call for Evidence on the EU Data Protection Framework Proposals Cloud Legal Project 17 August 2012 1. This response is by Christopher Millard, Alan Cunningham and
More informationHow To Use A Surveillance Camera Safely
Data protection In the picture: A data protection code of practice for surveillance cameras and personal information Contents Introduction... 3 About this code... 4 What this code covers... 6 Deciding
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationAN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING
AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in
More informationLobbying: Sweet Smell of Success?
Lobbying: Sweet Smell of Success? A case study on the transparency of lobbying around sugar regulation in the European Union and Spain 1. Introduction It is essential that government decision making be
More informationRECOMMENDATIONS COMMISSION
16.5.2009 Official Journal of the European Union L 122/47 RECOMMENDATIONS COMMISSION COMMISSION RECOMMENDATION of 12 May 2009 on the implementation of privacy and data protection principles in applications
More informationGovernance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin
Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationContents. Section/Paragraph Description Page Number
- NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICA CLINICAL NON CLINICAL - CLINICAL CLINICAL Complaints Policy Incorporating Compliments, Comments,
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationThe guidance will be developed over time in the light of practical experience.
Freedom of Information Act Awareness Guidance No. 14 International Relations The Information Commissioner s Office (ICO) has produced this guidance as part of a series of good practice guidance designed
More information12th January 2011. Dear Mr. Graham, Complaint: Internet Eyes
12th January 2011 Mr Christopher Graham Information Commissioner The Office of the Information Commissioner, Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF UNITED KINGDOM Dear Mr. Graham, Complaint:
More informationCrime-mapping and geo-spatial crime data: privacy and transparency
ICO lo and geo-spatial crime data: privacy and transparency Data Protection Act Contents Introduction... 2 Overview... 2 Background... 3 and personal data... 5 What purpose does crime-mapping serve?...
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationPrinciples and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes
Principles and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes These Principles and Guidelines were endorsed by the Conference of European
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More information