Corporate Compliance: A Global Perspective
|
|
- Christopher Russell
- 8 years ago
- Views:
Transcription
1 Corporate Compliance: A Global Perspective 6/27/ Offices in 18 Countries
2 Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming more complex Global issue more countries jumping on board Consequences of infringement: unforgiving Step back look at compliance obligations and compare against benchmarking 2
3 Choices Corporate Counsel and boards need to make a number of important choices, e.g.: program scope and how intrusive? balance investment cost v- level of risk tolerance (80:20 rule) effective communication of senior management buy-in No two firms are identical no single blueprint for achieving corporate compliance importance of benchmarking 3
4 Compliance solutions Compliance tool-kit building blocks to a culture of compliance corporate compliance policies and programs training for boards, executives and staff protocols record-keeping audits and assessments More innovative solutions? e.g. compliance can be revenue generating: antitrust; trade; market access 4
5 Global Compliance Survey Background Together, Squire Sanders and Datacert decided to undertake a Global Compliance Survey Purpose Respond to requests from clients and Generals of the Revolution participants To make available benchmark data about compliance programs, challenges, and tools To solicit input and ideas within the compliance community about how to build, measure and improve the effectiveness of global compliance programs 5
6 Who are the participants? 88 Participants Average Annual Revenue = $11.75 Billion 6
7 Where do they do business?. 7
8 8 Does your organization have a dedicated compliance officer or resource?
9 9 What percentage of your compliance needs emanate from outside your primary HQ country?
10 Expectations
11 Many Challenges on Many Fronts Compliance professionals must remain vigilant on many fronts, and many turn to outside providers for certain aspects of their compliance programs 11
12 Measuring Success Centrally tracking all information related to compliance is critical to success and satisfaction The next two graphs show us: There is much room for improvement In a cross-reference, we find that those who do have strong tracking are significantly more satisfied with their compliance programs overall 12
13 13 Tracking Compliance
14 14 Are you happy with your current compliance program?
15 Survey Key Findings Recap Participants expect both their domestic and global compliance challenges to rise. No one area of compliance stands out as the greatest challenge, suggesting that compliance professionals must spread their attention across many fronts Having a process and technology platform for centrally tracking all compliance-related information emerges as both a critical success factor and an area needing improvement 15
16 Conclusions and Insight Global compliance: a journey not a destination The combination of good compliance programs and technology leads to the highest level of satisfaction Benchmarking and cross-fertiliz(s)ation of compliance strategies to stay ahead of the game We hope this survey and the dialogue it generates will be a spur to further discussion 16
17 Questions? Pat Cornelius E pat.cornelius@squiresanders.com T M Don Hughes E don.hughes@squiresanders.com T M Colin Jennings E colin.jennings@squiresanders.com T M
18 Corporate Compliance: A Global Perspective Pat Cornelius, Squire Sanders LLP General Practices in Compliance and Enterprise Risk Management General Principles Behind A Compliance Program Legal Compliance Risk Management Reduce Risk of Noncompliance Reduce Operational/Business Risks of Noncompliance Reduce Legal Risks of Noncompliance Reputational Impacts 18
19 Corporate Compliance: A Global Perspective What is the Approach What is the Current State of Play Discuss What is Needed (Create, Overhaul, Update, Supplement) Identify Highest Risk Areas (Based on Operations and Enforcement Activities) Focus Resources on Areas of Greatest Risk or Greatest Opportunity Put Together a Coordinated Team 19
20 Corporate Compliance: A Global Perspective Cross Border/Extraterritoriality Issues One compliance program for Entire Organization? Separate Plans For Different Jurisdictions? Combination? Global (common) rules and local rules/interpretations seek to achieve consistency where possible and if not possible, identify and manage instances of divergence (lowest common denominator) 20
21 Corporate Compliance: A Global Perspective Dan Roules, Squire Sanders LLP What are the key components of an effective anti-bribery compliance program for China and how should such programs be different in China from elsewhere in the world? How does one go about training and monitoring the performance of one s own employees in China? 21
22 Corporate Compliance: A Global Perspective Given the recent surges in M&A and commercial sales in China, what resources and procedures are recommended for due diligence on Chinese counterparts, whether acquisition targets, JV partners, or agents or distributors? How to deal with the "State secrets" issue, where there are no clear definitions and Chinese authorities interpret the law broadly. 22
23 Corporate Compliance: A Global Perspective Rob Elvin, Squire Sanders LLP Anti-bribery Compliance, a New Concept for the UK? The Bones of the Bribery Act. What is it that Makes the Act Troublesome for Global Companies. What Compliance Solutions are Global Companies Using. 23
24 Corporate Compliance: A Global Perspective Ann LaFrance, Squire Sanders LLP International Data Protection & Privacy EU Data Protection Regime EU Data Protection and e-privacy Principles Comparison to US approach Applicability to Cloud Computing services The Cloud in Europe E-Privacy Directive Cookies Proposed Overhaul of EU Data Protection Regime Questions? 24
25 EU Data Protection Regime Article 8 of the Charter of Fundamental Rights of the EU expressly recognises that all citizens of the EU have a fundamental right to privacy. Data Protection Directive 1995 Establishes the baseline rules on how data is processed (including how it is obtained, recorded, used, disclosed, erased). Each EU Member State has implemented the directive with a national flavor, and there are some significant substantive and procedural differences among Member States within the EU. Privacy and Electronic Communications Directive 2002 (e-privacy Directive) Data breach notification (comms providers) Enforcement mechanisms/audits (comms providers) Cookies (all) 25
26 EU Data Protection and e-privacy Principles Core data protection principles that must be respected by data importers (i.e. individuals/legal entities outside the EEA): 1. Justification for processing and purpose limitation data must only be used for specified and permitted purposes 2. Data quality and proportionality - data must be accurate, up-to-date, adequate and relevant 3. Transparency data subjects must be provided with information necessary to ensure fair processing 4. Security and confidentiality measures appropriate to risk must be taken and written commitments obtained from third party processors 5. Rights of access, rectification, deletion and objection generally data subjects must have such rights in relation to their personal information held by an organisation 6. Sensitive data additional measures should be taken to protect such data 7. Data used for marketing purposes effective opt-out procedures should be in place 8. Automated decisions about individuals can only be made in limited circumstances and individual rights must be protected 26
27 Comparison to US approach In contrast to US practice, protection of personal data is the rule and not the exception in the EU. Horizontal versus vertical approach to regulation. In the EU, individuals are generally viewed as having the right to be informed of whether and how data about them is collected, processed and transferred, including in the workplace. In some cases, their explicit consent is required. The EU prohibits the exportation of EU personal data to points outside the EU (and this includes remote access to EU personal data from points outside the EU), unless specified conditions are met. Exportation of personal data within a corporate group or partnership is caught by the prohibition/required conditions. EU Member States interpret/enforce the EU Directives differently. 27
28 Applicability to Cloud Computing Services Significant EU data protection issues raised by Cloud Computing (storage SaaS) Who has jurisdiction over the Cloud? Where the provider is headquartered/operates? Where the servers are located? Where the customer is located? Where the customer s customers are located? All of the above? How to comply with rules relating to export of data outside EU/EEA in a commercially sensible way? How to deal with data breach incidents and swift protection of individual rights in a global server farm set-up? 28
29 The Cloud in Europe Germany Resolution and Guidance Paper (29 September 2011) sets out minimum requirements for cloud providers including: Italy Transparency technical, organisational and legal framework of cloud provider Unambiguous contract terms relating to processing Certificates from independent auditors concerning the information security Guidance from Garante on 24 May 2012: Prioritise services promoting data portability Consult on where data will reside Ensure availability of data Awareness of contractual clauses check times and storages of data France France is also looking into the issues and has circulated a consultation. 29
30 e-privacy Directive - Cookies The e-privacy Directive was amended in 2009 to tighten up the prior opt out rule for cookies. The 2009 amendment gave Member States until 25 May 2011 to implement the changes (although the Information Commissioner s Office gave UK businesses an extra year) Member States are in various stages of implementation of the Directive. 30
31 Cookies cont d Article 5(3) of the e-privacy Directive states that: Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensible information inter alia about the purposes of the processing. ICO Guidance (May 2012) was amended at the last minute to include implied consent as a valid form of consent out-of step with Europe? The e-privacy Directive suggests browser settings may be one means of obtaining consent. ICO has said this is not sufficient in the UK but consent can be given by use of appropriate browser settings in some Eastern European countries (e.g. Hungary, Romania) 31
32 Cookies cont d The Article 29 Working Party adopted an Opinion on 7 June 2012 clarifying which cookies can be exempt from the requirement of informed consent. They include: User-input cookies (session-id) e.g. those used as a shopping cart Authentication cookies used to identify a user once they have logged in User interface customisation cookies e.g. language preference cookies The Working Party also set out non exempted cookies, including: First party analytics Third party cookies used for behavioural advertising 32
33 Proposed Overhaul of EU Data Protection Regime On 25 January 2012, the European Commission published a proposal for a Data Protection Regulation that is intended to replace the current regulatory framework in Europe. Implementation is not expected before mid-2014 (with a two year implementation period). Highlights include: Right to be forgotten Data portability Privacy by design Explicit consent Binding corporate processor option Data breach notification Data Protection Officer Industry Codes of Practice 33 Sanctions
Global Compliance Survey
Global Compliance Survey Executive Summary Global Compliance Survey Companies and organizations are under an ever-intensifying burden to manage and comply with countless and complex global rules and regulations.
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationCookies Compliance Advisory
Cookies Compliance Advisory Note: this is an advisory notice that summarises the current position of the Article 29 Working Group and makes suggestions as to how organisations might practically achieve
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationUser tracking: Scope and Implementation eprivacy Directive Article 5(3)
User tracking: Scope and Implementation eprivacy Directive Article 5(3) Email Sender & Provider Coalition April 3, 2012 Presented By Karin Retzer 2012 Morrison & Foerster LLP All Rights Reserved mofo.com
More informationMIS Privacy Statement. Our Privacy Commitments
MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationCookies and consent. The Article 29 Working Party has identified seven types of cookies that are not subject to the consent requirement.
Cookies and consent Cookies are small text files placed on a computer and accessed by the browser when opening a webpage. - DDMA 2012 The statutory requirements governing the placement of cookies were
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationData, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller
Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,
More informationThe Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
More informationPlus500UK Limited. Statement on Privacy and Cookie Policy
Plus500UK Limited Statement on Privacy and Cookie Policy Statement on Privacy and Cookie Policy This website is operated by Plus500UK Limited ("we, us or our"). It is our policy to respect the confidentiality
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationI. Personal data and its use in the business to business environment.
RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012
ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 Copyright ESOMAR 2012 TABLE OF CONTENTS 2 Objectives 2 Introduction 3 Definitions 4 SECTION 1: APPLICABLE LAW 4 SECTION 2: WHAT YOU NEED TO KNOW SOME FAQs 5
More informationDailyMailz may collect and process the following personal information about you:
Privacy Policy DailyMailz is committed to preserving the privacy of all visitors to its website www.dailymailz.nl ("Website"). This privacy policy along with DailyMailz s terms and conditions of use and
More informationslaughter and may The new EU Data Protection Regulation revolution or evolution?
slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationA list of CIArb subsidiaries relevant to this notice and their activities is set out below.
CHARTERED INSTITUTE OF ARBITRATORS DATA PRIVACY NOTICE INTRODUCTION This data protection notice explains what personal data will be collected by the Chartered Institute of Arbitrators and its subsidiary
More information12 January 2011. Register of Interest Representatives Identification number in the register: 52646912360-95
Z E N T R A L E R K R E D I T A U S S C H U S S MITGLIEDER: BUNDESVERBAND DER DEUTSCHEN VOLKSBANKEN UND RAIFFEISENBANKEN E.V. BERLIN BUNDESVERBAND DEUTSCHER BANKEN E.V. BERLIN BUNDESVERBAND ÖFFENTLICHER
More informationIAB Europe Guidance. Five Practical Steps to help companies comply with the E-Privacy Directive
IAB Europe Guidance Five Practical Steps to help companies comply with the E-Privacy Directive Foreword The steps laid out below are intended to help brand advertisers, publishers and advertising businesses
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationBig Data for Law Firms DAMIAN BLACKBURN
Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN ASSOCIATION WITH Big data means big business By Simon Briskman, partner, technology & outsourcing group, Field Fisher Waterhouse LLP BIG DATA is
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationHow New EU Privacy Laws Will Change Your Marketing
How New EU Privacy Laws Will Change Your Marketing A M A R K E T O W H I T E P A P E R Contributors: Josh Aberant, Director of Privacy, Marketo & Duncan Smith, CEO, icompli Contents The Basics... 4 Scope
More informationInsurance Europe key messages on the European Commission's proposed General Data Protection Regulation
Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online
More informationKey issues in data protection: a pan-european view
Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte,
More informationPrivacy Level Agreement Outline for the Sale of Cloud Services in the European Union
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationIowa Student Loan Online Privacy Statement
Iowa Student Loan Online Privacy Statement Revision date: Jan.6, 2014 Iowa Student Loan Liquidity Corporation ("Iowa Student Loan") understands that you are concerned about the privacy and security of
More informationPosition of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015
2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection
More informationWELCOME. Data Security Seminar November 7, 2012
WELCOME Data Security Seminar November 7, 2012 Data Security Seminar Technology, Legal and Risk Management Roundtable November 7, 2012 Chris Watson, MBA, CISA, CRISC Internal Audit and Risk Advisory Services
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More information10/4/2012. Marketing: Passport to the EU. October 30, 2012. Legalese. Dennis Dayman
Marketing: Passport to the EU October 30, 2012 1 Legalese This presentation is being provided for informational purposes only. Nothing in this presentation shall be construed as creating a representation,
More informationAppendix A Data Protection and Marketing Regulatory Considerations for the European Union
Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Notes: Soft opt-in rules, denoted with a * within the consent for marketing columns below, generally allow marketing
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationTNS UK PRIVACY & COOKIE POLICY FOR SURVEYS ( Policy )
TNS UK PRIVACY & COOKIE POLICY FOR SURVEYS ( Policy ) Introduction Market and survey research serves an important function in society. Businesses and governments are able to make informed decisions through
More informationNew EU Data Protection legislation comes into force today. What does this mean for your business?
24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationOnline and Mobile Privacy Notice ( Privacy Notice )
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationLast updated: 30 May 2016. Credit Suisse Privacy Policy
Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using
More informationUnited Kingdom. London W1J 6QE. FCA Register No: 446677 HA6 1NW. United Kingdom
Privacy Policy For the purposes of trading CFDs and Spread Betting, 3D Markets Ltd has introduced you to 3D Market Trading, which is a trading name of Spread Co Limited ('Spread Co'), registered office
More informationBYOD Privacy and Security in Europe
BYOD Privacy and Security in Europe BYOD: Overview 2 BYOD Overview 38% of companies expect to stop providing electronic devices to their employees by 2016 (1) According to a 2013 survey conducted by Cisco,
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationInto the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?
10 Juni 2013 Taylor Wessing - Essay Competition 2013 Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users? by Katarina Kesselová, LLM. Introduction
More informationWhite Paper: Data Protection In The Cloud. Data Protection In The Cloud
White Paper: Data Protection In The Cloud Data Protection In The Cloud Introduction The rapid emergence of cloud computing has placed it at the forefront of IT decision making and business strategies.
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationOliver Brettle London. Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive
Oliver Brettle London Employee Monitoring in the UK and Generally: Concerns Beyond the EU Data Protection Directive 6 th Annual Privacy Law Symposium April 27, 2006 The Focus Part I an overview on data
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationEUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy
EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationHOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU
HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified
More informationCanvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies
Canvassing the Cloud An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Contents Foreword 1 Insights from the study 2 Defining the Cloud 3 Study results 4 General 4
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Isuz Ltd. trading as Schoolcomms
More informationPRIVACY POLICY AND INFORMATION ON COOKIES
PRIVACY POLICY AND INFORMATION ON COOKIES This privacy policy governs the collection, storage and use of personal information (meaning any information about you which is personally identifiable namely:
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationIDT Financial Services Limited. Prime Card Privacy Policy
IDT Financial Services Limited Prime Card Privacy Policy Effective and Updated April 7, 2014 General IDT Financial Services Limited and its affiliates ( IDT, us, we, our ) are committed to protecting the
More informationData Protection in Clinical Studies Implications of the New EU General Data Protection Regulation
June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationWidePoint Solutions Corp. SAFE HARBOR PRIVACY POLICY
WidePoint Solutions Corp. SAFE HARBOR PRIVACY POLICY Your privacy is important to us. At WidePoint Solutions Corp. we value your trust. We want you to know how we collect, use, and share and protect information
More informationCOMMENTARY. Hong Kong Strengthens Its Personal Data. on Direct Marketing JONES DAY
May 2013 JONES DAY COMMENTARY Hong Kong Strengthens Its Personal Data Privacy Laws and Imposes Criminal Penalties on Direct Marketing In 2012 Hong Kong introduced the Personal Data (Privacy) (Amendment)
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationAN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING
AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in
More informationPRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:
PRIVACY POLICY BACKGROUND: This Policy applies as between you, the User of this Website and DisplayNote Technologies Limited the owner and provider of this Website. This Policy applies to our use of any
More informationDealing with data breaches in Europe and beyond
Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More informationPrivacy Rules for Customer, Supplier and Business Partner Data
Privacy Rules for Customer, Supplier and Business Partner Data Contact details Philips Privacy Office c/o Philips International BV, Amstelplein 2, 1096 BC, the Netherlands. E-mail: Philips_Privacy_Office@philips.com
More informationJohnson Controls Privacy Notice
Johnson Controls Privacy Notice Johnson Controls, Inc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationInformation Security Risks when going cloud. How to deal with data security: an EU perspective.
Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationOPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)
OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationCOMPLIANCE FRAMEWORK AND REPORTING GUIDELINES
COMPLIANCE FRAMEWORK AND REPORTING GUIDELINES DRAFT FOR CONSULTATION June 2015 38 Cavenagh Street DARWIN NT 0800 Postal Address GPO Box 915 DARWIN NT 0801 Email: utilities.commission@nt.gov.au Website:
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More informationDESTINATION MELBOURNE PRIVACY POLICY
DESTINATION MELBOURNE PRIVACY POLICY 2 Destination Melbourne Privacy Policy Statement Regarding Privacy Policy Destination Melbourne Limited recognises the importance of protecting the privacy of personally
More informationCookies Under Control
Cookies Under Control On June 5, 2012 the new Dutch legislation on the use of cookies enters into force. What does this mean for the online marketing business? 1 CONTENTS 3 4 4 7 8 NEW RULES FOR THE USE
More informationRevelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014
Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 OUR COMMITMENT Your privacy is important to us. This document explains how Revelian collects, handles, uses and discloses your
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More information