Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws
|
|
- Lewis Logan
- 8 years ago
- Views:
Transcription
1 Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public
2 Our Team Speechly Bircham is an ambitious, full-service law firm headquartered in London. We work with business and private clients across the UK and internationally and focus on the financial services, private wealth, technology, real estate and construction sectors We have offices in Paris, Luxembourg, Zurich and Geneva and a network of preferred law firms in most jurisdictions Our Data Protection & Information Law team provide a range of legal and consultancy on data privacy assessments, compliance, risk management, information security and data breaches We are listed in Chambers 2014 and Legal 500 as a leading law firm for Data Protection and have advised on this area of law since 1983 What I liked was the fact that the team was very willing for us to see it as an extension of our existing inhouse team. I like the way it integrated members sat alongside and guided us. That was what impressed. Robert Bond and his team have always provided comprehensive, practical advice on a timely basis. Their knowledge of the EU regulatory scene, including experience with specific agencies, as well as privacy issues globally has been instrumental in establishing our privacy policies and procedures. 2
3 Robert Bond A Solicitor, Notary and Certified Compliance & Ethics Professional, Robert has specialised in data protection since 1983 and is listed in the top 20 Best Privacy Advisers in a survey published in Computer World. In 2012 Robert was appointed an Ambassador for Privacy by Design by Commissioner Ann Cavoukian of Ontario. a brilliant lecturer, a meticulous lawyer and responsive if you contact him, you know he ll get back to you within the hour Chambers, 2008 He has advised many multinationals on transborder data flows and global data protection compliance since 1997, co-authored the ICC BCR Report in 2006, the ICC Guidelines on Basel II and Data Protection in 2007 and the ICC UK Cookies Guide in Robert is the author of many books, including Negotiating International Software Licenses and Data Transfer Agreements (Sweet & Maxwell) and Negotiating Software Contracts (Bloomsbury). Robert is a Companion of the British Computer Society, a Fellow of the Society of Advanced Legal Study, an Honorary Member of the Institute of Export and in 1994 was a researcher in Information Security and Data Protection at the University of Leicester. Robert is listed in Legal Experts 2013 and The Who s Who of International Internet & E-Commerce Lawyers. Robert is listed as Notable Practitioner for Data Protection in Chambers UK 2014 to 2010 describing him as an esteemed figure in the field. He has an impressive reputation for his work on cross-border data compliance and cutting-edge IT data privacy issues within the digital, online and social media spheres. Sources say: He continues to impress year on year. His spark of imagination and ability to grasp the technology are amazing. "He is up for anything and incredibly knowledgeable," report clients. "Everyone gravitates towards him. A very good communicator and very generous with his time. 3
4 Topics SOX 301(4) and EU Laws 2004 to today Anti-Bribery laws and data protection compliance Compliance requirements The cost of non-compliance
5 Sarbanes Oxley Act requirements SOX mandatory Code of Ethics A confidential, anonymous reporting mechanism SOX Section 301(4) states that "Each audit committee shall establish procedures for the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters; and the confidential anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.
6 E.U. data protection principles an individual has a right to know what data is being processed about them; personal data has to be processed fairly and lawfully and with consent; personal data must be kept for no longer than is necessary and must be kept accurate and up to date; personal data must be, at all times, kept secure and where processed by a third party be managed securely; and personal data should not be transferred outside the European Economic Area to any other country that does not have adequate protection for the rights of the individual.
7 Conflict between SOX and EU Data Protection Laws EU member states data protection laws E.U. data protection authorities - All interpret the law differently CNIL Decision of 26 May 2005 (Group McDonald s France) CNIL Decision of 26 May 2005 (CEAC/Exide Technologies) The 5th Division of the Wuppertal Labour Court on 15 June 2005 (Wal-Mart Decision) Appeal dismissed too
8 CNIL reasons for their decision Anonymity Whistleblowing on too wide basis Information shared too widely Unfair collection of personal data Accused not immediately notified Rather long retention of data Lack of proportionality Fundamental data protection concerns
9 Compliance circle Roll out/training Policy Hotline vendor control Works Council Reporting restrictions Local laws Registration 9
10 UK Bribery Act and EU Data Protection Bribery is to dishonestly persuade (someone) to act in one s favour by a gift of money or other inducement The Act came into force on 1 st July 2011 and applies to those who give or receive a bribe in relation to a business in the UK Advice from the UK Government is that businesses should put in place antibribery policies and procedures including training to all officers and staff and any agents and suppliers Businesses that then implement reporting mechanisms such as ethical hotlines need to be aware of EU restrictions on such hotlines
11 Where do we find what is required by EU? CNIL, Art. 29 Working Party issued guidelines Allows anonymous reporting under certain conditions SEC and CNIL letters CNIL Guidelines, FAQ s CNIL on-line authorization Decision and forms Other member states have guidance (Spain, Germany, Austria) Local advice
12 French law amended for hotlines The CNIL Unique Authorisation no. 4 (authorisation unique no.4) deals with whistleblowing hotlines This authorisation only deals with whistleblowing relating to reports with regard to serious breaches in the accounting, financial, and banking sectors as well as anti-bribery The CNIL adopted a new deliberation in October 2010 modifying its AU-004. The aim was to avoid the confusion previously created by its art. 3 which included facts damaging the vital interests of the undertaking or to the physical or moral integrity of its employees The companies benefitting from an AU-004 for whistleblowing hotlines not strictly confined to the new text of the authorisation have a six-month deadline to ensure they comply with AU-004. There is no need to submit a new authorisation request
13 Differing stances of EU member States Compulsion Scope limitation Notification requirements Permission to transfer personal data outside the EEA Anonymity Specific requirements of local regulators Labor law requirements
14 Sweden - Notification (may impose limitations) - Data Protection applies - Limited to senior executives - Regulatory body: Datainspektionen - Published guidelines: guidance is limited to the following: - the system must be a complement to the company s normal internal administration and must be voluntary to use - the system must be limited to serious irregularities concerning accounting, internal accounting control, auditing, the fight against bribery and banking and financial crimes. The system may also be used for other serious irregularities concerning the company s vital interests or the life and health of individuals - only key personnel may be reported
15 Anonymity Spain regulatory body: Agencia de Protection de Datos - published guidelines: - Portugal regulatory body: - published guidelines: pdf Finland published guidelines: Whistleblowing System in Working Life regulatory body: Data Protection Ombudsman
16 Poland Difficulty faced by GIODO because of fair processing requirements of Polish Personal Data Protection Act PDP also requires specific documents for compliance whether or not there is a whistleblower hotline
17 Hungarian whistleblower guidance The Guidelines follow the Article 29 Guidelines..but Reports must be limited to grave violations of company policies The system must not be used to control work performance Reports cannot be made by staff directly to the parent company They must be reported to the local company The local company must manage the system and any contract with the service provider An employee that transfers personal data direct to the parent company may be liable to criminal and civil actions
18 Bulgaria Decision of the Data Protection Authority on a whistleblowing hotline Approved the use of a third party provider in the US Scheme included sensitive personal data The opinion was positive because the processing operation: - Has the necessary safeguards to protect the data - Allows for employees rights - The transfer is made to a Safe Harbor certified processor 18
19 Ethical hotlines: How do you achieve compliance? One size does not fit all ethical hotlines must be tailored to meet local requirements Reconfigure procedures Narrow scope of reports Remember country by country specifics Anonymity should be a last resort Retention periods should be observed Third party vendors need to be contractually controlled and guided
20 Potential Fines
21 Potential Imprisonment
22 Recent enforcement for breaches
23 EU General Data Protection Regulation - Data transfers Simplifying legitimising conditions - Binding Corporate Rules - European Data Protection Seal - Model clauses 23
24 THE COST OF NON-COMPLIANCE Other costs Reputational damage and loss of public trust Share price, turnover, profits Legal advice to prevent future loss Forensic examination Technological Compensation and responding to those affected Greater marketing push to improve public image Business disruption => Prevention is easier (and cheaper) than cure EU General Data Protection Regulation Fines of up to 100 million or 5% of annual worldwide turnover (whichever is greater) Notification without undue delay (72 hour notification period) 24
25 FURTHER INFORMATION For more information please contact: Robert Bond +44 (0)
HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU
HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified
More informationBIG DATA AND THE INTERNET OF THINGS
BIG DATA AND THE INTERNET OF THINGS 12 September 2013 Robert Bond Partner and Notary Public Janine Regan Solicitor Tughan Thuraisingam Paralegal Our team Speechly Bircham is an ambitious, full-service
More informationThe Art of Constructing Global Whistleblowing Programmes
The Art of Constructing Global Whistleblowing Programmes Mark E. Schreiber Chair, Privacy & Data Protection Group Steering Committee Edwards Wildman Palmer LLP 111 Huntington Avenue Boston, MA 02199 617-239-0585
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationData Protection and Information Security: The top 5 risks for 2013 1 November 2012
Robert Bond Head of Data Protection & Information Law Group Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Our team Speechly Bircham is an ambitious, full-service law
More informationData Protection & Cyber Security Law Update 1 st October 2015
Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to
More informationE-Discovery and EU Data Protection laws
Robert Bond robert.bond@speechlys.com Alexander Carter-Silk alexander.carter-silk@speechlys.com IP, Technology & Data Group E-Discovery and EU Data Protection laws Alex Carter-Silk, Partner, IP, Technology
More informationPresentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012
Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered
More informationInformation Management Compliance and Data protection.
Information Management Compliance and Data protection. Technology, Media & Telecommunications Information is the life blood of every business. Yet how you use that information is increasingly regulated.
More informationICC Guidelines on Whistleblowing
ICC Guidelines on Whistleblowing Prepared by the ICC Commission on Anti-Corruption A. Introduction 1. No abatement of corruption and economic fraud Fraud remains one of the most problematic issues for
More informationData and Cyber Laws Up-date 9 July 2015
Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationImplementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com
Implementing and monitoring effective compliance policies & procedures charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationMATTHEWS INTERNATIONAL CORPORATION
MATTHEWS INTERNATIONAL CORPORATION U.S. FOREIGN CORRUPT PRACTICES ACT COMPLIANCE POLICY INTRODUCTION Principles Underlying the United States Foreign Corrupt Practices Act ( FCPA ). The FCPA s Anti-Bribery
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationEU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014
EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate
More informationStandards of. Conduct. Important Phone Number for Reporting Violations
Standards of Conduct It is the policy of Security Health Plan that all its business be conducted honestly, ethically, and with integrity. Security Health Plan s relationships with members, hospitals, clinics,
More informationa. employees Company; or
Code of Busines ss Conduct and Ethics 1. Introduction a. This Code of Business Conduct and Ethics (the Code ) applies to all directors, officers, employees and third parties employed or directly engaged
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationINTERNATIONAL SOS. Data Protection Policy. Version 1.05
INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA
More informationClaims Management Services Regulation. Conduct of Authorised Persons Rules 2014
Claims Management Services Regulation Conduct of Authorised Persons Rules 2014 Effective from 1 October 2014 Contents Introduction 1 Definitions 1 General Rules Principles 2 Conduct of Business 2 Professional
More informationEAGLE PARENT, INC EPICOR SOFTWARE CORPORATION ACTIVANT SOLUTIONS, INC. UK ANTI-BRIBERY AND CORRUPTION POLICY. (As Adopted July 2011)
EAGLE PARENT, INC EPICOR SOFTWARE CORPORATION ACTIVANT SOLUTIONS, INC. UK ANTI-BRIBERY AND CORRUPTION POLICY (As Adopted July 2011) Introduction This UK Anti-Bribery and Corruption Policy ( Policy ) is
More informationUIBL TOBA. United Insurance Brokers Ltd. Terms of Business Agreement
TOBA United Insurance Brokers Ltd Terms of Business Agreement 1. Introduction and business service United Insurance Brokers Ltd () is an independent international insurance and reinsurance (1) Lloyd s
More informationDRAFT. Anti-Bribery and Anti-Corruption Policy. Introduction. Scope. 1. Definitions
DRAFT Change History: Anti-Bribery and Anti-Corruption Policy Control Risks Group Ltd Commercial in confidence Introduction This document defines Control Risks policy on the avoidance of bribery and corruption.
More informationClaims Management Services Regulation. Conduct of Authorised Persons Rules 2013 (2)
Claims Management Services Regulation Conduct of Authorised Persons Rules 2013 (2) Effective from 8 July 2013 Contents Introduction 1 Definitions 1 General Rules Principles 2 Conduct of Business 2 Professional
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationPRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
More informationBusiness Ethics Policy
Business Ethics Policy Page 1 of 12 Preface and document control This document is intended to provide information in respect of G4S Group Head Office policy, procedure, standards or guidance and will be
More informationStandard conditions of purchase
Standard conditions of purchase 1 OFFER AND ACCEPTANCE 2 PROPERTY, RISK & DELIVERY 3 PRICES & RATES The Supplier shall provide all Goods and Services in accordance with the terms and conditions set out
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationFOREIGN CORRUPT PRACTICES ACT POLICY for PROJECT PROFESSIONALS GROUP PTY. LTD.
FOREIGN CORRUPT PRACTICES ACT POLICY for PROJECT PROFESSIONALS GROUP PTY. LTD. 1.0 Purpose and Scope of this Manual The purpose of this Policy is to ensure compliance by Project Professionals Group Pty.
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More information3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court.
Terms of business agreement - commercial customers M & N Insurance Service Limited Authorised and regulated by the Financial Conduct Authority No: 305837. Registered Office: 248 Hendon Way London NW4 3NL
More informationComplying with the U.S. Foreign Corrupt Practices Act
Complying with the U.S. Foreign Corrupt Practices Act 1. About This Manual This Manual describes the Foreign Corrupt Practices Act ( FCPA ), 15 U.S.C. 78m, 78dd, 78ff (collectively, FCPA ), anti-corruption
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationSTATEMENT FROM THE CHAIRMAN
STATEMENT FROM THE CHAIRMAN In an ever-changing global marketplace, it is important for all of us to have an understanding of the responsibilities each of have in carrying out day-to-day business decisions
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationCODE OF CONDUCT Ethical rules and guidelines
CODE OF CONDUCT Ethical rules and guidelines CONTENT Introduction... 3 Our customers... 5 Employees... 7 The world around us... 9 Communication & dialog... 11 Security, theft & loss... 13 Environment...
More informationNew EU Data Protection legislation comes into force today. What does this mean for your business?
24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )
More informationBHF Southern African Conference
BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act
More informationCONSULTATION PAPER NO 2. 2004
CONSULTATION PAPER NO 2. 2004 REGULATION OF GENERAL INSURANCE MEDIATION BUSINESS This consultation paper explains the need for the Island to regulate general insurance mediation business and examines the
More informationTilburg University. U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen
Tilburg University U.S. Subpoenas and European data protection legislation Moerel, Lokke; Jansen, Nani; Koëter, Jeroen Published in: International Data Privacy Law Document version: Preprint (usually an
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationcompany policy number 0001 LEGAL AND ETHICAL CONDUCT
company policy number 0001 LEGAL AND ETHICAL CONDUCT eff. date replaces page 28 Mar. 2011 14 Feb. 2006 1 of 10 PURPOSE CPI has adopted this Code of Legal and Ethical Conduct ( Code ) to promote: honest
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationINTEGRITY IN ACTION - HEALTH CARE COMPLIANCE
A PASSION FOR INTEGRITY INTEGRITY IN ACTION - HEALTH CARE COMPLIANCE HEALTH CARE COMPLIANCE IS EVERYONE S RESPONSIBILITY DePuy Synthes is known the world over for innovative, life enhancing orthopedic
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationEvergreen Solar, Inc. Code of Business Conduct and Ethics
Evergreen Solar, Inc. Code of Business Conduct and Ethics A MESSAGE FROM THE BOARD At Evergreen Solar, Inc. (the Company or Evergreen Solar ), we believe that conducting business ethically is critical
More informationEU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?
EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationPrivacy & Data Security: The Future of the US-EU Safe Harbor
Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT
More informationThe Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper
The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )
More informationE-Zec Medical Transport Services Ltd
E-Zec Medical Transport Services Ltd Terminal Building Redhill Aerodrome, Kingsmill Lane Redhill Surrey RH1 5YP Licence Number: 200120 Date of Issue Version Number 19/06/2015 1.0 Dr David Bennett, Chief
More informationBBC. Anti-Bribery Policy. June 2011
BBC Anti-Bribery Policy June 2011 CONTENTS CLAUSE 1. Anti-Bribery Policy statement... 1 2. Who is covered by the policy?... 2 3. What is bribery?... 2 4. Gifts and hospitality... 3 5. Gifts and hospitality
More informationTHE TRANSFER OF PERSONAL DATA ABROAD
THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE
More informationCommission on E-Business, IT and Telecoms Task Force on Privacy and the Protection of Personal Data
International Chamber of Commerce The world business organization Department of Policy and Business Practices Commission on E-Business, IT and Telecoms Task Force on Privacy and the Protection of Personal
More informationCode of Conduct 1. The Financial Services Authority
The Financial Services Authority Code of Conduct 1 1 The FSA's Code of Conduct should be read in conjunction with the guidance, which is designed to help you understand and apply the provisions of the
More informationWHISTLE BLOWING POLICY & PROCEDURES
Management Circular No: GCSL/01.2013 Revised: 01/2014 WHISTLE BLOWING POLICY & PROCEDURES All rights reserved. No part contained in this Policy may be reproduced or copied in any form without the written
More informationLAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS
LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS Podgorica, July 2003 LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS I BASIC PROVISIONS Article 1 Establishing the Protector of Human Rights and Freedoms
More information4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that
Medical Defence Union response to consultation on European Commission s proposals for Directive on the application of patients rights in cross-border healthcare Introduction 1. The Medical Defence Union
More informationClause 1. Definitions and Interpretation
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationThompson Jenner LLP Last revised April 2013 Standard Terms of Business
The following standard terms of business apply to all engagements accepted by Thompson Jenner LLP. All work carried out is subject to these terms except where changes are expressly agreed in writing. 1
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationAustralia s unique approach to trans-border privacy and cloud computing
Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationCARDINAL RESOURCES LLC INTRODUCTION
CARDINAL RESOURCES LLC ANTI- BRIBERY AND ANTI- CORRUPTION POLICY INTRODUCTION The purpose of this Anti- bribery and Anti- corruption Policy (the "Policy") is to ensure compliance by the Red Bird Group
More informationFirm Registration Form
Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.
More informationOur vision. A company where the best people want to work.
Code of Conduct Our vision A company where the best people want to work. The world leader in chemical distribution, providing unparalleled connectivity between customers and suppliers. 2 Univar s guiding
More informationOverview of Employment and Employee Privacy Laws and Key Trends in Austria
P a g e 1 Privacy Interviews with Experts August 2011 Toronto / Washington DC / Brussels www.nymity.com Rainer Knyrim Attorney and Partner Preslmayr Attorneys at Law Vienna, Austria Overview of Employment
More informationConsultation response
Consultation response SRA: Regulating international practice Overview 1. The Panel s statutory remit means our interest is primarily focused on services provided in the consumer market to clients in England
More informationRegulated Mortgages. March 2012
Regulated Mortgages March 2012 1 Introduction Since 31 October 2004, Regulated Mortgage Contracts have been subject to statutory control, supervised by the Financial Services Authority ("FSA"). Under Section
More informationClient Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.?
1 Client Update A New Ruling by the French Data Protection Authority: Is the Right to Be Forgotten Crossing the Atlantic to the U.S.? NEW YORK Jeremy Feigelson jfeigelson@debevoise.com PARIS Frederick
More informationANTI-CORRUPTION AND ANTI-BRIBERY POLICY
COMPLIANCE 18.0 ANTI-CORRUPTION AND ANTI-BRIBERY POLICY I. SCOPE This policy applies to all directors, officers, employees, agents, and shareholders of UHS of Delaware, Inc. (hereafter, UHS ), its subsidiaries
More informationBritannia Additional Insurances Terms of Business Agreement
Britannia Additional Insurances Terms of Business Agreement MAY 2014 Introduction This terms of business agreement (the Agreement ) sets out the nature and scope of the insurance mediation services The
More informationAPPLICATION FORM. 1. Please read the brochure and the whole of this application form, which has 10 pages.
APPLICATION FORM managed inheritance SERVICE 1. Please read the brochure and the whole of this application form, which has 10 pages. 2. Next complete pages 2 to 5, signing on pages 2, 4 and 5. Make a copy
More informationWhistleblower Policy HR-PO718, 1.1
Whistleblower Policy HR-PO718, 1.1 Sharda Centre, Off Karve Road, Erandwane, Pune, Maharashtra, India 411004 www.techmahindra.com Copyright 2013, Tech Mahindra. All rights reserved. Table of Contents 1.
More informationZurich Accidental Death Cover. Terms and conditions
Zurich Accidental Death Cover Terms and conditions Contents Terms and conditions Introduction 3 Roles and responsibilities 4 Zurich s roles and responsibilities 4 Your roles and responsibilities 4 Your
More informationInvitation to Tender - Provision of SIM Cards for Data and Voice Services. 20 November 2015
Invitation to Tender - Provision of SIM Cards for Data and Voice Services 20 November 2015 Invitation to Tender Provision of SIM Cards for Data and Voice Services We are pleased to invite your company
More informationHORIZON OIL LIMITED (ABN: 51 009 799 455)
HORIZON OIL LIMITED (ABN: 51 009 799 455) CORPORATE CODE OF CONDUCT Corporate code of conduct Page 1 of 7 1 Introduction This is the corporate code of conduct ( Code ) for Horizon Oil Limited ( Horizon
More informationTHE CLAIMS MANAGEMENT CODE ( the Code )
THE CLAIMS MANAGEMENT CODE ( the Code ) CONTENTS 1 Introduction 2 Principles 3 Publishing the Code 4 Training and Competence 5 Advertising, Marketing and Promotional Activities 6 Charges 7 Information
More informationComplaints Standard. for Suppliers. Categorised as Basic (B or F)
Complaints Standard for Suppliers Categorised as Basic (B or F) (UK version) Contents Introduction 3 Definitions 3 1. Process, Procedures and Controls 5 2. Regulatory Standards 7 3. Employees 7 4. Publicising
More information