IFIP - FIDIS Summer School
|
|
- Garry Rodgers
- 5 years ago
- Views:
Transcription
1 IFIP - FIDIS Summer School Privacy-Friendly Identity Management in egovernment Xavier Huysmans K.U.Leuven ICRI
2 Objective of this talk Explaining legal drivers for Privacy-Friendly Identity Management in egovernment 2
3 Agenda What is egovernment? What is organizational Identity Management? Limitation of current privacy research An alternative 3
4 Agenda What is egovernment? 4
5 In essence: it is the optimization of government services and governance by transforming internal and external relationships through IT 5
6 In other words: not this 6
7 But this: cooperation with respect for each others competence: one virtual government integration of back-offices semantic, functional, technical interoperability, common identifiers client centric reengineering of service delivery within and across government levels good information management think global, act local respect for the law, especially data protection, privacy and IT regulation measures to prevent a digital divide security framework, access control, authentication mechanisms 7
8 One virtual government customers citizens companies suppliers intermediaries employees Based on slide by Frank Robben, KSZ partners PORTAL A single sign on personalization user groups multi-channel aggregation PORTAL B single sign on personalization user groups multi-channel aggregation business back-end directory content content directory intelligence systems, e.g. management management ERP groupware DB s applications FIDIS - Future of Identity in the back-end systems, e.g. ERP groupware DB s applications 8 business intelligence
9 Integration of back-offices Municipality Service integrator (Corve, Easi-Wal, ) Services repository RPS Extranet Extranet region region or or commmunity commmunity Internet Internet RPS FPS ASS Services repository Extranet social sector Based on slide by Frank Robben, KSZ ASS Service integrator (CBSS) ASS Services repository VPN, VPN, Publilink, Publilink, VERA, VERA, FEDMAN FEDMAN City Province FPS Services repository FPS Service integrator (FEDICT) 9
10 Agenda What is egovernment? What is organizational Identity Management? Limitations of current privacy research Alternatives 20
11 Agenda What is egovernment? What is organizational Identity Management? 21
12 Organizational IDM Health Care M. Hansen ICPP Legend: Alice Government Birthday Birthplace Tax Status Phone Number Blood Group Health Status Name Address Interests Credit Rating Work Telecommunication Insurance Good- Conduct Certificate Identities Income Age Management Diary Cellphone Number Foreign Languages Likes & Dislikes Driving Licence Shopping Payment Travel MasterCard Diners Club Identity of Alice Boyfriend Bob Partial Identity of Alice Leisure 23
13 Organizational IDM IDM is: the definition, designation and administration of identity attributes as well as the administration of the choice of the partial identity to be (re-) used in a specific context, to manage the access to and the usage of online applications, services and resources. It includes: the management of identity attributes by: their owners (user-side IDM) and/or those parties with whom the owners interact (services-side IDM). 24
14 Organizational IDM Type 1 Account Management: assigned identity by organisation Type 2 Profiling: derived identity by organisation Type 3 Management of own identities: chosen identity by user himself supported by service providers FIDIS D2.3, D3.1 There are hybrid systems. 25
15 Organizational IDM Authentication Who are you? Prove it! Privacy & Integrity Federation Encryption & Digital signatures Access allowed? Availability Authorization Institution A Institution B Based on slide from Witheridge & Vullings, MAMS project 27
16 Organizational IDM SP s SP sback office office services services Context 1 1. Request: fetch all identifiers that match XXX 2. Response: all identifiers that match XXX Own data repository Key: an identifier Value: attribute 10. Response: attributes for identifier I 3. Request: give me identifier I s attributes Context 2 Audit trail Audit Other Other SP s SP sback office 8. Fetch attributes for identifier I office services 9. Attributes for identifier I 4. Genuine request? Authentication E.g.: CRL Distributor, OCSP Responder, 5. OK 6. Is this an authorized service? 7. OK Authorization Key: service identifier Value: roles & mandate Authentic Copy Mediator Integrator Authentic Source IBBT- IDEM project,
17 Organizational IDM User Policy retrieval Action on application DENIED Action on application Policy Enforcement (PEP) Decision request Decision reply Policy Decision (PDP) Action on application PERMITTED Application Information request/ reply Figure by Frank Robben, KSZ Information request/ reply Manager Policy management Policy Administration ( PAP) Policy Information (PIP) Policy Information (PIP) Policy repository Authentic source Authentic source 33
18 Agenda What is egovernment? What is organizational Identity Management? Limitations of current privacy research Alternatives 34
19 Agenda What is egovernment? What is organizational Identity Management? Limitations of current privacy research 35
20 Privacy and IDM Drivers for privacy by design Natural people should be helped to protect themselves from undesired identification and profiling, and, generally, to enforce their privacy and data protection rights. When identification is always required, it is possible that even though a number of data interconnections are not authorized, or illegal, they will take place anyway risk Trust relationships have to do with much more than identification, and identification is certainly not always necessary data minimization The access to services is not granted on the basis of identification, but on the basis of a capacity or competence authorization 40
21 Privacy and IDM Drivers for privacy by design 41
22 Privacy and IDM Current research user- controlled context- dependent role and pseudonym management (FIDIS type 3) User Trusted area Supporting device and / or supporting party Contextdependent pseudonyms Marit Hansen, ICPP 42
23 Privacy and IDM An application is designed in a (perfectly) privacyenhancing (PE) identity management enabling way if, in addition of being compliant with data protection regulation, neither the pattern of sending/receiving messages nor the attributes given to entities (i.e., natural and legal persons, computers) imply more linkability than is strictly necessary to achieve the purposes of the application. 43
24 Privacy and IDM But is PE IDM a requirement? Privacy is a relative human right other important rights limit the right to privacy, e.g., the public interest (especially in egovernment) Complying to data protection does not necessarily require anonymity, nor pseudonymity and certainly not user-centricity. We could theoretically cope with the liability and other risks by other measures, without privacy by design (e.g., insurances) Anonymous/pseudonymous online transactions require a complex and thus costly, well functioning privacy enhanced identity management infrastructure < cost-reduction, < effectiveness, < user experience etc. Is PE-IDM an obligation for the data controller? 44
25 Agenda What is egovernment? What is organizational Identity Management? Limitations of current privacy research Alternatives 45
26 Agenda What is egovernment? What is organizational Identity Management? Limitations of current privacy research Alternatives 46
27 Privacy and IDM in egov In egovernment, the answer seems to be no no obligation for PE IDM as the default position for all government data exchange in egovernment Why? why imposing more limitations than strictly necessary? (> privacy = < efficiency?) only user-control where really necessary only different identifiers where really necessary Result no privacy by design in egovernment? Is there an alternative to PE IDM? 47
28 Privacy and IDM in egov A privacy friendly IDM system addresses the interest of the individual in controlling, or at least significantly influencing the processing of data about him/her-self and complies with the applicable privacy and data protection regulation It is thus: not necessarily user-centric not necessarily focused on pseudonym management 48
29 Privacy and IDM in egov Example where it can be non-user-centric: The Belgian Crossroads Bank for Social Security: organizational IDM (FIDIS type 1), used inter alia for account and resource provisioning, access control etc. data is only accessible and exchangeable with thereto authorized entities, upon submission of an authorization by (a subcommittee of the Belgian privacy commission. 49
30 Privacy and IDM in egov Pseudonym management is, for example necessary in egovernment: because of the privacy sensitivity of certain data because the data processing requires this type of investment health data, judicial data 50
31 Privacy and IDM in egov Audit Authentication Authorization User s User s Service S EAR EAR 1 Attributes Authorization Context 1 User s User s Service T Context 2 EAR EAR 2 Attribute Conversion Service Audit Attributes Authentication E.g.: Re-use of administrative data Automatically granting of rights IBBT- IDEM project, 2005 Authorization FIDIS - Future of Identity Audit in the Attributes Authentication 51
32 Privacy and IDM in egov However, in all other cases pseudonym management is not necessary the focus could, for example lay on: technical enforcement of authorizations via privacy policy enforcement (e.g., extension of XACML) transparency, e.g., via monitoring and pushing information about data processing back to the data subject 52
33 Privacy and IDM in egov Arguments for privacy by design developed in the paper: Objective risk liability (art. 23 DP Directive) controller is responsible when processing is not compatible with DP regulation) Obligation to take all appropriate measures given state of the art and nature of data, cost data processing (art. 17 DP Directive) Privacy protection is part of DP regulation (art. 1 DP Directive) 53
34 Privacy and IDM in egov Own considerations: access control is already being implemented in egovernment extra privacy layer/filtering is not disproportionate avoiding data processing in other contexts is a minimum-requirement e.g. Belgian eid one step to far (!) transparency, monitoring has to be done anyway, for security purposes not disproportionate to require data that relates to the processing of the personal data, put that info in the logs and push it back to the data subject static: what info about me in authentic sources dynamic: what info is being consulted by whom for what purposes? 54
35 TACK! [e] [e] [t] [f]
36 Bibliography F. ROBBEN, Service oriented E-government in the Belgian social sector, available at: 23 June 2005, last visited: 12 April F. ROBBEN, Naar een dienstgeoriënteerde architectuur en het gemeenschappelijk gebruik van basisdiensten, available at: 4 July 2006, last visited: 22 October M. MACDONALD, Data Registries Comparison Report, available at: March 2003, last visited: 20 August M. MEINTS, Fidis D2.3 and D3.1, available at: September 2005, last visited: 23 September N. WITHERIDGE and E. VULLINGS, MAMS Roadshow, available at: %20MAMS%20Roadshow.ppt/download, 9 March 2005, last visited: 15 May (mainly presentations by D. De Cock). 56
in a National Service Delivery Model 3 rd Annual Privacy, Access and Security Congress October 4, 2012
Identity Management and Federation of Identity in a National Service Delivery Model 3 rd Annual Privacy, Access and Security Congress October 4, 2012 HRSDC - National Service Delivery HRSDC and its service
More informationeidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?
eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal? public 1 AGENDA 1. eidas Strategic View 2. Website Certificates 3. Electronic Seals
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationIdentity Management Systems An Overview. IST Event 2004 /
IST Event 2004 / 15.11.2004 Marit Hansen / Henry Krasemann Unabhängiges Landeszentrum für Datenschutz // Independent Centre for Privacy Protection Schleswig-Holstein, Germany Overview Identity Management
More informationNYSVMS WEBSITE PRIVACY POLICY
Your Privacy Rights Effective Date: June 16, 2016 NYSVMS WEBSITE PRIVACY POLICY The New York State Veterinary Medical Society, Inc. and its affiliates ( NYSVMS, we, and us ) recognize the importance of
More informationTrusted Identities That Drive Global Commerce
Trusted Identities That Drive Global Commerce For information of the BCS/EEMA Community A truly Federated Trust Network - Building upon core competences of the worlds banks & payments systems Governance
More informationNEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE
COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:
More informationElectronic ID at work: issues and perspective
Electronic ID at work: issues and perspective Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dip. Automatica e Informatica Why should I have/use an (e-) ID? to prove my identity to an "authority":
More informationCERTIFICATE POLICY CIGNA PKI Certificates
CERTIFICATE POLICY CIGNA PKI Certificates Version: 1.1 Effective Date: August 7, 2001 a Copyright 2001 CIGNA 1. Introduction...3 1.1 Important Note for Relying Parties... 3 1.2 Policy Identification...
More informationDATA PROCESSING TERMS
DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More informationElectronic signature framework
R E P U B L I C O F S E R B I A Negotation Team for the Accession of Republic of Serbia to the European Union Working Group for Chapter 10 Information society and media Electronic signature framework Contents
More informationngenius Products in a GDPR Compliant Environment
l FAQ l ngenius Products in a GDPR Compliant Environment This document addresses questions from organizations that use ngenius Smart Data Core platform and application products and are evaluating their
More informationTop Five Privacy and Data Security Issues for Nonprofit Organizations
Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY
More informationEmsi Privacy Shield Policy
Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (
More informationData Privacy in the Cloud E-Government Perspective
Data Privacy in the Cloud E-Government Perspective Herbert Leitold; EGIZ, A-SIT International Cloud Symposium 2011, Panel on Data Privacy and the Role Policy Plays in Defining Trust Requirements Ditton
More informationGDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper
White paper GDPR preparedness with OpenText InfoArchive The new EU privacy law, GDPR, will be in effect in less than a year. OpenText has the solutions to help you prepare and comply to this new law. Contents
More informationDigital (Virtual) Identities in Daidalos and beyond. Amardeo Sarma NEC Laboratories Europe
Digital (Virtual) Identities in Daidalos and beyond Amardeo Sarma NEC Laboratories Europe Who wants to pay for more Bandwidth? More Access Bandwidth? No one pays extra for volume or time plain usage is
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCan eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010
Can eid card make life easier and more secure? Michal Ševčík Industry Solution Consultant Hewlett-Packard, Slovakia ITAPA, November 9 th, 2010 Content eid Primary Functions eid Privacy Features and Security
More informationKenex (Electro-Medical) Limited. Privacy Statement. Kenex (Electro-Medical) Limited (Kenex) have been in business for over 40 years and have
Kenex (Electro-Medical) Limited Privacy Statement Kenex (Electro-Medical) Limited (Kenex) have been in business for over 40 years and have established a reputation for providing high quality, well designed
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name: Conestoga College Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationE-Government Master Plan and the Integrated Government Philippines Project
E-Government Master Plan and the Integrated Government Philippines Project EXECUTIVE ORDER No. 47 Ensure the provision of efficient and effective information and communications technology infrastructure,
More informationUsing Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment
Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment Gary Leeming, Chief Technology Officer Connected Health Cities, University of Manchester 1 Connected Health
More informationHF Markets SA (Pty) Ltd Protection of Personal Information Policy
Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and
More informationPrivacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose
Privacy Notice - Stora Enso s Supplier and Stakeholder Register Date 29.1.2018 1 Purpose Purpose of this privacy notice is to provide the persons communicating with Stora Enso in the role of a supplier
More informationIdentity Management. Identity Management Bart Preneel. Finse, Norway, April Outline. What is Identity Management (IDM)?
Diners Club Management Outline Management Prof. COSIC Katholieke Universiteit Leuven, Belgium Bart.Preneel(at)esat.kuleuven.be http://homes.esat.kuleuven.be/~preneel April 2010 What is management? ID management
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationThe Australian Privacy Act An overview of the Australian Privacy Principles (APPs) Author: Paul Green
The Australian Privacy Act An overview of the Australian Privacy Principles (APPs) Author: Paul Green INTRODUCTION If you are collecting or processing personal information then you are likely to be required
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationA long and rocky road
A long and rocky road Luxembourg s Government path towards true Web Accessibility Presentation at Funka s Accessibility Days on 10 April 2019 in Stockholm Table of contents 1. Context 2. Short history
More informationEnterprise Identity Management 101. Phillip J. Windley Brigham Young University
Enterprise Identity Management 101 Phillip J. Windley Brigham Young University phil@windley.com www.windley.com 1 Digital Identity Matters Rifkin on service economy and what it portends for identity: commercial
More informationTERMS AND CONDITIONS OF PROVIDING ELECTRONIC SERVICES. 1. General provisions
TERMS AND CONDITIONS OF PROVIDING ELECTRONIC SERVICES 1. General provisions 1. Under Article 8.1.1 of the Polish Law of 18 July 2002 on the Provision of Electronic Services (Journal of Laws of 2016, item
More informationEfficient, broad-based solution for a Swiss digital ID
Press release November 21, 2017 Government and private sector produce joint solution Efficient, broad-based solution for a Swiss digital ID The people of this country should have a simple, secure and unambiguous
More informationFAMHP Portal - User manual
FAMHP Portal - User manual 1. Introduction... 2 2. Having a "Chief Access Manager" (CAM)... 3 2.1 Who can be a Chief Access Manager (CAM)?... 3 2.2 How to appoint a Chief Access Manager (CAM)?... 3 2.2.1
More informationCertification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure
Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages
More informationCreating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular
Creating NIS Compliant Country in a Non-Regulated Environment Jurica Čular (jcular@zsis.hr) What NIS actually is? NIS Directive NIS Network Information Security Directive EU Cyber Security Policy Mandatory
More informationING Public Key Infrastructure Technical Certificate Policy
ING Public Key Infrastructure Technical Certificate Policy Version 5.4 - November 2015 Commissioned by ING PKI Policy Approval Authority (PAA) Additional copies Document version General Of this document
More informationPAA PKI Mutual Recognition Framework. Copyright PAA, All Rights Reserved 1
PAA PKI Mutual Recognition Framework Copyright PAA, 2009. All Rights Reserved 1 Agenda Overview of the Framework Components of the Framework How It Works Other Considerations Questions and Answers Copyright
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Participant Name:_Unversity of Regina Canadian Access Federation: Trust Assertion Document (TAD) 1. Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert
More informationPrivacy and Identity Management for Life. Lifelong Privacy
Privacy and Identity Management for Life 1 Lifelong Privacy 100 years: The world will change a lot and, in particular, ICT will change and each individual s appreciation of privacy will change several
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationSOA-20: The Role of Policy Enforcement in SOA Management
SOA-20: The Role of Policy Enforcement in SOA Management Phil Walston VP Product Management Layer 7 Technologies Overview Discuss policy in SOA, the role of Policy Enforcement Points and where this fits
More informationSANMINA CORPORATION PRIVACY POLICY. Effective date: May 25, 2018
SANMINA CORPORATION PRIVACY POLICY Effective date: May 25, 2018 This Privacy Policy (the Policy ) sets forth the privacy principles that Sanmina Corporation and its subsidiaries (collectively, Sanmina
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationTAS 3 Architecture. Sampo Kellomäki Symlabs , ServiceWave, Stockholm
TAS 3 Architecture Sampo Kellomäki (sampo@symlabs.com), Symlabs 23.11.2009, ServiceWave, Stockholm The research leading to these results has received funding from the European Community s Seventh Framework
More informationeid Applications Cross Border Authentication
eid Applications Cross Border Authentication 07 November 2017 Mr. Gary Yeung, MH Hon Secretary Chairman, eid Committee Smart City Consortium Smart City Consortium Background What is Smart City Consortium?
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationPrivacy Impact Assessment (PIA) Tool
Privacy Impact Assessment (PIA) Tool 1 GENERAL Name of Public Body: PIA Drafter: Email/Contact: Program Manager: Email/Contact: Date (YYYY-MM-DD) In the following questions, delete the descriptive text
More informationGeneral Data Protection Regulation Frequently Asked Questions (FAQ) General Questions
General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into
More informationGDPR RECRUITMENT POLICY
> General characteristics Company Credendo Export Credit Agency Date 12/12/2018 Version 1.2 Classification Public Status Final Document reference GDPR Recruitment Policy Revision frequency Ad hoc Document
More informationPersonal Data collected for the following purposes and using the following services: Personal Data: address, first name and last name
Privacy Policy This Application collects some Personal Data from its Users. POLICY SUMMARY Personal Data collected for the following purposes and using the following services: Contacting the User Contact
More informationEconomic and Social Council
United Nations Economic and Social Council ECE/TRANS/WP.29/2017/46 Distr.: General 23 December 2016 Original: English Economic Commission for Europe Inland Transport Committee World Forum for Harmonization
More informationCall for Expressions of Interest
Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...
More informationMOTION FOR A RESOLUTION
European Parliament 2014-2019 Plenary sitting B8-0155/2019 6.3.2019 MOTION FOR A RESOLUTION to wind up the debate on the statements by the Council and the Commission pursuant to Rule 123(2) of the Rules
More informationSERVICE DESCRIPTION. Population Register Centre s online services
SERVICE DESCRIPTION Population Register Centre s online services SERVICE DESCRIPTION [Number] 2 (12) DOCUMENT MANAGEMENT Owner Author Checked by Approved by Pauli Pekkanen Project Working Group Reko-Aleksi
More informationFIRESOFT CONSULTING Privacy Policy
FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING abides by the Australian Privacy Principles ( APPs ), which provides relative information to businesses in relation to the collection, disclosure,
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationWHITE PAPER. OAuth A new era in Identity Management and its Applications. Abstract
WHITE PAPER OAuth A new era in Identity Management and its Applications Abstract OAuth protocol is a standard which allows end users to share their web resources with the third-party applications without
More informationContent. Privacy Policy
Content 1. Introduction...2 2. Scope...2 3. Application...3 4. Information Required...3 5. The Use of Personal Information...3 6. Third Parties...4 7. Security...5 8. Updating Client s Information...5
More informationDocument Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.
Document Cloud (including Adobe Sign) Additional Terms of Use Last updated June 5, 2018. Replaces all prior versions. These Additional Terms govern your use of Document Cloud (including Adobe Sign) and
More informationNIPPON VALUE INVESTORS DATA PROTECTION POLICY
NIPPON VALUE INVESTORS DATA PROTECTION POLICY INTRODUCTION Nippon Value Investors KK and Nippon Value Investors, Inc. (together NVI ) are committed to protecting the privacy of individuals whose data they
More informationData Use and Reciprocal Support Agreement (DURSA) Overview
Data Use and Reciprocal Support Agreement (DURSA) Overview 1 Steve Gravely, Troutman Sanders LLP Jennifer Rosas, ehealth Exchange Director January 12, 2017 Introduction Steve Gravely Partner and Healthcare
More informationPrivacy Policy: itsme APP
Privacy Policy: itsme APP This privacy policy applies to the itsme Application (hereafter the itsme App or the App) developed by Belgian Mobile ID SA/NV (the Privacy Policy). The itsme App (the App) allows
More informationRBC Royal Bank Online Application Terms and Conditions
RBC Royal Bank Online Application Terms and Conditions Please review the following RBC Royal Bank Online Application Terms and Conditions (the Terms and Conditions ). You must read them, check the tick
More informationBetween 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.
Application for the post of the Executive Director of the European Network and Information Security Agency (ENISA) Udo Helmbrecht Presentation to the ENISA Management Board in Brussels on April 3 rd 2009
More informationIndividual Agreement. commissioned processing
Individual Agreement commissioned processing (in the following: AGREEMENT) Between 1. - Address owner / Controller - and 2. - Service provider / Processor - As of: 09/2017, Page 2 of 12 The following provisions
More informationData Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform
Data Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform Contents What is data governance? Why data governance? Data governance roles. The Adobe Cloud Platform advantage. A framework
More informationChronos Fitness, Inc. dba Chronos Wearables, 1347 Green St. San Francisco CA 94109,
Privacy Policy Of Chronos Wearables This Application collects some Personal Data from its Users. Data Controller and Owner Chronos Fitness, Inc. dba Chronos Wearables, 1347 Green St. San Francisco CA 94109,
More informationGovernmentOnline Gatekeeper The Government s Public Key Infrastructure
Gatekeeper The Government s Public Key Infrastructure Peter Anderson General Manager GPKI Branch Office for Government Online 30 June 2000 Why? Consumer and business demand Over 6 million users (Nov 99)
More informationPriv ac y Policy. Last upda ted:
Priv ac y Policy Last upda ted: 05.2014 This Privacy Policy describes the policies and procedures of ZET / Adrian Zingg / ZetApps and any subsidiaries and affiliated entities (together, Company, we or
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationThe GDPR and NIS Directive: Risk-based security measures and incident notification requirements
The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant
More informationeidas Regulation eid and assurance levels Outcome of eias study
eidas Regulation eid and assurance levels Outcome of eias study Dr. Marijke De Soete Security4Biz (Belgium) ETSI eidas Workshop 24 June 2015 Sophia Antipolis eidas Regulation Regulation on electronic identification
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationYou are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person.
Middlesex Bank Person to Person Service You are signing up to use the Middlesex Savings Bank Person to Person Service powered by Acculynk that allows you to send funds to another person. This Agreement
More informationIdentity and capability management and federation
Identity and capability management and federation The need to manage identities - 1 Increment of digital identity complexity Password, dynamic password, one-time password, based on portable secure devices
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More information1. Publishable Summary
1. Publishable Summary 1.1Project objectives and context Identity management (IdM) has emerged as a promising technology to distribute identity information across security domains. In e-business scenarios,
More informationFACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?
FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit
More informationThe ehealth platform
SLA Service Level Agreement Basic service: User Access Management (UAM) Version 2.0 August 2011 This document is provided to you free of charge by The ehealth platform Willebroekkaai 38 1000 BRUSSELS To
More informationGateway Certification Authority pilot project
Results of the IDABC Bridge / Gateway Certification Authority pilot project Gzim Ocakoglu Commission Enterprise and Industry Directorate General ITAPA Congress Bratislava, 22 November 2005 1 Outline Introduction
More informationDIGITAL AGENDA FOR EUROPE
DIGITAL AGENDA FOR EUROPE Talk overview Background Institutional framework Administrative capacities Electronic Communications Strategy, Information Society Strategy Current and future activities. Background
More informationPRIVACY STATEMENT August 2018
PRIVACY STATEMENT August 2018 1 ABOUT GDPR GDPR, or the General Data Protection Regulation is a new set of EU regulations set to come into force, as a replacement to the existing Data Protection Act. It
More informationING Corporate PKI G3 Internal Certificate Policy
ING Corporate PKI G3 Internal Certificate Policy Version 1.0 March 2018 ING Corporate PKI Service Centre Final Version 1.0 Document information Commissioned by Additional copies of this document ING Corporate
More informationPrivacy Policy. Implemented on: November 2, 2017
Implemented on: November 2, 2017 Privacy Policy STH JAPAN K.K. (the "Company") will strictly control any personal information received from you (the "User(s)") via the website https://hospitality.rugbyworldcup.com/
More informationImpacts of the GDPR in Afnic - Registrar relations: FAQ
Impacts of the GDPR in Afnic - Registrar relations: FAQ Background The adoption of Regulation (Eu) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural
More informationPayThankYou LLC Privacy Policy
PayThankYou LLC Privacy Policy Last Revised: August 7, 2017. The most current version of this Privacy Policy may be viewed at any time on the PayThankYou website. Summary This Privacy Policy covers the
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationPrivacy Policy GENERAL
Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill
More informationApplication Decommissioning in Digital Transformation
Application Decommissioning in Digital Transformation Produced by In cooperation with MARCH 2018 CONTENTS Role of Application Decommissioning in Digital Transformation 3 What is application decommissioning?...
More informationCertification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive
Certification Policy of CERTUM s Certification Services Version 4.0 Effective date: 11 August 2017 Status: archive Asseco Data Systems S.A. Podolska Street 21 81-321 Gdynia, Poland Certum - Powszechne
More informationWonde may collect personal information directly from You when You:
Privacy Policy Updated: 17th April 2018 1. Scope At Wonde, we take privacy very seriously. We ve updated our privacy policy ( Policy ) to ensure that we communicate to You, in the clearest way possible,
More informationFair data and open data: differences and consequences
Fair data and open data: differences and consequences 1. To share or not to share: what is fair? Alex Burdorf, Erasmus MC Rotterdam 2. Data sharing: consequences for informed consent Marie-José Bonthuis,
More informationProject to establish National Incomes Register. Stakeholder testing plan
Project to establish National Incomes Register plan Incomes Register Project TESTING PLAN 1(21) REVISION HISTORY Version Date Description 1.0 25/10/2017 Document published. KEY TERMS AND THEIR DEFINITIONS
More information