20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics
Global Privacy and Data Protection: Practical Risk Assessment and Governance
9 October 2013

Robert Bond, BA, CCEP, HonMIEx, Head of Data Protection and Info Security, Speechly Bircham
Marti Arvin, CHC-F, CHPC, CHRC, CCEP-F, Chief Compliance Officer, UCLA Health System

Topics
- Understanding the global legal and regulatory landscape
- OECD Guidelines
- Applying the Guidelines to your business
- Assessing the risks and planning the compliance program
- Tools and tactics for an effective risk management regime
Case Study Stage

1. Background - the OECD Guidance
2. The European Union and other Central Eastern European countries
3. The US (sector based regulations)
4. APEC
5. Canada (PIPEDA)
6. Australia
7. Recent developments - emerging laws
Background - the OECD Guidance

- The OECD Guidance (Organization for Economic Co-operation and Development Guidelines on the Protection of Privacy and Trans-border Flows of Personal Data, adopted 23 September 1980)
- OECD is an international economic organization founded in 1961 to stimulate economic progress and world trade
- Members include the US, European and South American countries, and Australia

Definitions
- Data controller means any information relating to an identified or identifiable individual (data subject);
- Personal data means any information relating to an identified or identifiable individual (data subject);
- Transborder data flows means movements of personal data across national borders

Background - the OECD Guidance

Eight data protection principles
1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation
5. Security Safeguards
6. Openness
7. Individual Participation
8. Accountability
Collection limitation: Privacy notice; OBA and cookies; Consent; Privacy by default
Data quality: Privacy policy; Records management; Information security; Audits
Purpose specification: Privacy notice; Data transfer/handling; Consent; Fair use
Use limitation: Privacy notice; 3rd party processing; Audit; Information security
Security safeguards: Policies & procedures; Training; Due diligence; Insurance
Openness: Clear and unambiguous notices; Subject access policy; Privacy impact assessments; Privacy by design
Individual participation: Subject access request; Communication; Data protection officer; Data management policies
Accountability: Compliance; Training; Data protection policy; Transparency
The European Union
- The EU Data Protection Directive
- Implementing national legislation
- Which law applies?
- The General Data Protection Regulation

The US (sector based regulations)
- The Fair Credit Reporting Act (FCRA)
- The Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act, "GLBA")
- California SB1
- Health Insurance Portability and Accountability Act of 1996 ("HIPAA")
- Children's Online Privacy Protection Act 1998 (COPPA)
- Junk Fax Prevention Act of 2005
- CAN-SPAM Act - Controlling the Assault of Non-Solicited Pornography and Marketing Act of
APEC (Asia-Pacific Economic Community)
- Forum for facilitating trade and investment in the Asia-Pacific region
- Members include Australia, Canada, China, Japan, Vietnam, the Russian Federation and the US
- The APEC Framework is intended to provide a legal basis for facilitating international transfers and providing a minimum standard of privacy protection
- Implementation of the APEC Framework is not mandatory

Canada (PIPEDA)
The Personal Information Protection and Electronic Documents Act 2000 (PIPEDA)
Ten key privacy principles:
1. Accountability.
2. Identifying purposes.
3. Consent.
4. Limiting collection.
5. Limiting use, disclosure and retention.
6. Accuracy.
7. Safeguards.
8. Openness.
9. Individual access.
10. Challenging compliance.
Australia
The Privacy Act 1988 contains the ten National Privacy Principles:
1. Collection. Describes what an organisation should do when collecting personal information
2. Use and disclosure. Outlines how organisations may use and disclose individuals' personal information
3. Information quality. An organisation must take steps to ensure the personal information it holds is accurate and up-to-date
4. Information security. Information must be kept secure from unauthorised use or access
5. Openness. An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it
6. Access and correction. Individuals have a right of access to their personal information
7. Identifiers. Generally, an organisation cannot adopt an Australian government identifier for an individual (for example, Medicare numbers) as its own
8. Anonymity. Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves
9. Trans border data flows. Sets out how organisations should protect personal information that they transfer outside Australia
10. Sensitive information. Sensitive information includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information

Recent developments - emerging laws
- Singapore: Personal Data Protection Act 2012 (PDPA); came into force 2nd January 2013; anticipated month sunrise period
- The Philippines: Data Privacy Act 2012; to come into force in 2013
- Hong Kong: The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) was passed into law in June. Most of its provisions came into effect on 1 October 2012, the remainder in April 2013
- Malaysia: Personal Data and Protection Act 2010 to be enforced in 2013
- China: Currently no comprehensive legal framework for data protection. In late 2012 China's legislative body issued new rules on the protection of electronic personal data of Chinese citizens with immediate effect
- Taiwan: The Personal Data Protection Law was passed in 2011 and came into force in October
Recent developments - emerging laws
- South Korea: The Personal Information Protection Act 2011 was passed on 29 March 2011 and came into force on 30 September. There is also the Act on Promotion of Information and Communication Network Utilization and Information Protection (IT Network Act) which regulates the collection and use of personal information by IT Service Providers
- Mexico: Federal Law for the Protection of Personal Data in Possession of Private Persons (Personal Data Protection Law) passed in 2010
- Brazil: There is no specific data protection law in Brazil
- Colombia: A new Data Protection Law was passed on 7 October 2011 and came into force on 18 April 2013
- India: The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 were issued under s. 43A of the Information Technology Act
- Russia: a patchwork of laws including the Data Protection Act No. 152 of 2006 and the need for a DPO, Registration and processing principles similar to EU
- Ukraine: Law of Ukraine on Protection of Personal Data; recent fine for failing to update registration; principles are similar to EU; draft law proposes termination of DPA and replacement with more powerful Regulator
- Serbia: DP Act 2009 with similar principles to EU
- Turkey: Turkey's Draft Law on Data Protection (the "Draft Law") is expected to be passed at the end of 2013 or in early 2014; similar principles to EU
Case Study Stage 2

Case Study Stage
What should the audit achieve?

"A systematic and independent examination to determine whether activities involving the processing of personal data are carried out in accordance with an organisation's data protection policies and procedures, and whether this processing meets the requirements of the [law]." - UK Information Commissioner's Office

- Assess compliance with the law
- Assess compliance with entities' own policies and procedures
- Assess gaps and weaknesses
- Provide information to ensure compliance
- Ensure awareness
- Minimise risk

Analysing entities and their roles
- Ascertain data estate: names and locations of all entities in each country
- Purpose of collection - are they controllers or processors
- data subjects and data recipients (employee, customer, supplier, other)
- points of collection of data
- types of data collected - basic contact / detailed profile
- types of systems used - manual / electronic
- notifications / registrations with authorities
Analysing processes and policies

Data processes and policies
- points / methods of data collection (online / offline / social media)
- consent / fair processing information - how is this communicated?
- Data retention / destruction
- websites and terms of use
- business codes of conduct and policies (data protection; IS/IT; electronic media; portable device policy; whistleblower)
- contracts of employment and staff manuals
- staff knowledge and training (DPO / basic)
- appointments of CPO/DPO

Contracts and Codes
- Audit trans border data flow solutions
- Audit third party processor contracts
- Audit permissions from DPA
- Ensure all policies and procedures comply with local laws (not just data protection, e.g. employment laws / monitoring rules)
- Monitor ongoing changes to company structures (acquisitions / disposals)
- Changes to data handling practices and notifications (e.g. Outsourcing / Cloud / CCTV / vehicle tracking)
Case Study Stage 4

Benefits of a compliance audit
- Facilitates compliance with the law
- Measures and helps improve compliance with policies
- Increases awareness amongst staff and management
- Elevates data protection to a key part of corporate governance
- Minimises risk
- Satisfies insurance requirements
- Improves trust and customer satisfaction
Privacy Impact Assessments
- What? An assessment of the impact of the proposed processing upon individuals' personal data
- Why? A pre-emptive exercise, which seeks to avoid problems arising from new processes
- When? At the earliest stage when a new system / activity is first proposed

For example
- Centralised HR system hosted outside the EU
- Use of social media for marketing purposes
- Use of cookies for targeted advertising
- Cloud hosted solutions
- Adoption of bring your own device policy
- Remote working policy
- Due diligence in company sale

Privacy by design
- Designing in privacy and data protection compliance to information systems
- Requires data protection to be a consideration at the outset of a new project
- Personal data should be protected throughout life cycle - collection, storage, disclosure and destruction
Practical tips - trans border transfers of personal data
- Understand what personal data goes where and why - use flowcharts
- Consider how is the transfer legitimised - not the same as the contractual relationship
- Controller - processor
- Define the country and group of companies covered by the project
- Databases
- Assess existing notifications / authorizations
- Assess specific client concerns
- Assess general existing policies and procedures
- Assess general existing processing operations
- Purposes
- Data flows
- Cookies used?
- Send country specific audit questionnaire
- Data transfer agreements
- When complete
- Define the required compliance measures
- Include
- Review of existing notifications / presenting new notifications
- Implement / update existing training measures
- Implement the required compliance measures
- Define security measures - coordinating with client's IT / Facilities team
- Compliance bundle
- Liaise with local counsel
- Including list of ongoing compliance requirements

Case Study Stage
For more information on our services, please contact: Robert Bond, BA, CCEP, HonMIEx, Partner & Notary Public, +44 (0)
More informationThe APEC Model. Global Partnership through Regional Initiatives
The APEC Model Global Partnership through Regional Initiatives Tony Beard Office of Transport Security (OTS), Department of Transport and Regional Services (DOTARS), Australia Office of Transport Security
More informationThe Role of SANAS in Support of South African Regulatory Objectives. Mr. Mpho Phaloane South African National Accreditation System
The Role of SANAS in Support of South African Regulatory Objectives Mr. Mpho Phaloane South African National Accreditation System Outline of Presentation INTRODUCTION STATUS OF SANAS TECHNICAL INFRASTRUCTURE
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationHousecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009
Housecall Privacy Statement Statement Date: 01/01/2007. Most recent update 09/18/2009 Privacy Policy Intent: We recognize that privacy is an important issue, so we design and operate our services with
More informationAbout the information we collect We collect and process personal data including but not limited to:-
Privacy Policy About us TP Supported Accommodation is responsible for collecting, processing, storing and safe keeping of personal information as part of our business activities. We manage information
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the Ordinance
More informationGDPR is coming in less than 2 months Are you ready?
GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO
More informationJefferies EMEA Privacy Notice
Jefferies International Limited Vintners Place 68 Upper Thames St London United Kingdom Jefferies EMEA Privacy Notice 1. Introduction This Privacy Notice explains what we do with your personal data. It
More informationDEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy
DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationAmbition Training. Privacy Policy
Ambition Training Privacy Policy Privacy Protection Ambition Training is a Registered Training Organisation with responsibility for delivering vocational education and training. Ambition Training collects
More informationPrivacy Law Doing Business In Canada
Privacy Law Doing Business In Canada Does Canada Have Privacy Legislation? Federal Legislation Canada has a comprehensive legal framework that governs the collection, retention, use and disclosure of the
More informationPrivacy and Data Protection: Practical Approaches to Risk Assessment and Management
Privacy and Data Protection: Practical Approaches to Risk Assessment and Management SCCE 11 th Annual Compliance & Ethics Institute October 16, 2012 About Us Marti Arvin JD, CHC-F, CPC, CCEP-F, CHRC, CHPC
More informationPrivacy and Data Protection: Practical Approaches to Risk Assessment and Management
Privacy and Data Protection: Practical Approaches to Risk Assessment and Management SCCE 11 th Annual Compliance & Ethics Institute October 16, 2012 About Us Marti Arvin JD, CHC-F, CPC, CCEP-F, CHRC, CHPC
More informationDATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System
DATA PRIVACY & PROTECTION POLICY POLICY This Data Privacy & Protection Policy applies to ELMO Software Limited s Cloud HR & Payroll applications and platform (collectively, the Services ), elmosoftware.com.au
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationSecurity Breach Notification Reflections on the U.S. Experience
Compliance & Regulatory Matters Data Privacy Security Breach Notification Reflections on the U.S. Experience Bojana Bellamy Director of Data Privacy Accenture Brief History of Breach Notification Laws
More informationHOW WE USE YOUR INFORMATION
HOW WE USE YOUR INFORMATION Herold Mediatel Ltd compiles the Gibraltar Telephone Directory on behalf of Gibtelecom. Every care is taken to render this Directory as accurate as possible but neither Herold
More informationWorld Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018
World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018 We understand that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationData Protection Policy
Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its
More informationG8 Lyon-Roma Group High Tech Crime Subgroup
G8 Lyon-Roma Group High Tech Crime Subgroup In October 2009, a series of recommendations for amendments to ICANN s Registrar Accreditation Agreement (RAA) was proposed to ICANN by law enforcement agencies
More information