Presentation is loading. Please wait.

Presentation is loading. Please wait.

High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 www.usibc.com Privacy and Cyber Security:

Published byMorris Newman Modified over 8 years ago

Similar presentations

Presentation on theme: "High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 www.usibc.com Privacy and Cyber Security:"— Presentation transcript:

1 High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 www.usibc.com Privacy and Cyber Security: legal and policy issues Joseph Alhadeff Chair, USIBC Information Technology Committee

2 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 The Legal Landscape Governmental Sources EU Guidelines FTC Fair Information Practices Regional Law National Law Local Law Quasi Governmental OECD Guidelines APEC Guidelines APT Guidelines Self Regulatory Bodies Business/Sectoral Associations

3 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 OECD Guideline Principles The collection and use of data should be disclosed and users be given an opportunity to decline collection Data should be collected, stored, processed, and communicated only for legitimate purposes; Data should be current, accurate, and relevant to the intended use; and Data subjects should be entitled to examine, where appropriate, data relating to them, and to obtain correction or deletion of such data, if justified.

4 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 APEC Guidelines Like OECD Guidelines recognize the benefits of the information flows as well as responsibilities Based on OECD, but more flexible and adaptable to Global Information Flows Focus is more on use of personal information and preventing harm through appropriate protection obligations that flow with the information This includes work on using corporate rules with regional recognition Principles should be ratified this year, work on implementation continues.

5 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Common Privacy Elements Disclosure/Notice of what, how, why and with who Choice – opt in / opt-out Access for review correction Security Fair, relevant, timely, for business need Compliance/enforcement (company) Redress/oversight (government/third party)

6 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Setting the Stage: EU/US Basics

7 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 EU/US Privacy Paradigms EU Privacy rights mainly applied to protect individuals from corporate/commercial use of information The role of government in protecting privacy The human right of privacy and moral rights of authors Regulation in advance of issue Wrongful collection of information US The Constitutional right to privacy secures citizens from unreasonable governmental intrusion The role of the government in assuring fairness and preventing deception Free speech, individual choice and the fair use doctrine Legislation in response to issue Harmful use of information

8 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 The Nature of a Directive EU wide application National country implementation May vary in implementation as long as not contrary Any Country / Citizen may bring action to claim that national is not in compliance Heard by EU court

9 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 EU Directive October 24, 1998 implementation EU Personally identifiable information must have adequate protection Intranet/Web collection Extraterritorial effect - adequacy of other laws National implementation spectrum: floor not ceiling Directive review

10 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 EU Directive - Continued Extraterritorial effect – precludes transfer to countries not providing for adequate protection of privacy Adequacy findings for Switzerland, Hungary, Canada, Argentina and the US Safe Harbor companies Derogations Contractual solutions EC Data Controller and Processor Model Contracts ICC Model Contract Binding Corporate Rules – Work in progress

11 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Directive Historical Context Directive was drafted in a time of point-to- point EDI and overnight batch processing. Contractual solutions/adequacy were more appropriate for country-to-country transfers Directive review recognized need for greater harmonization across EU application and need for greater flexibility of application to global information flows.

12 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 US/EU Agree on Safe Harbor Effective date 11/00 - Compliance By 7/01 Self-certification Principles/FAQs Enforcement Mechanisms Third Party backed by FTC/DOT Panel of three registrars Benefit - Finding of adequacy is equivalent to transfer w/in EU for prior consent purposes, BUT still requires notice & rationale

13 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Safe Harbor Principles 1.Notice 2.Choice 3.Onward Transfer 4.Security 5.Access 6. Enforcement Documents may be found at: http://www.export.gov/safeharbor

14 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Safe Harbor Review Report was critical of certain practices but did not undermine the Safe Harbor Focused on need for clarification, education and review of oversight practices Financial Services still NOT covered Treasury negotiations “Fractured” alliance prospects… Safe harbor predicated on Agency backstop – FTC, DOT

15 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Outside EU and US – Some Highlights… All enlargement countries, Switzerland and EFTA Other active countries w/some legislation… Hong Kong; New Zealand; Chile; Argentina; Canada, Australia;Taiwan;Korea;South Africa, Japan… Proposed/Thinking: Thailand; India; Brazil; Mexico; China…

16 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Privacy and India: Focus on rationale and objective Review existing laws and processes (including Contract Law and other related laws and processes) Review current state of the data processing and global sourcing industry re: privacy and security Gap analysis to relevant international instruments and norms Selective amendment or revision of existing laws and processes as needed to achieve objectives The need for more, better and targeted information to address gaps in perception

17 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Innovative Privacy Architecture Elements

18 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Concepts for Privacy Approaches Consistent with need for and benefits of global information flows Protection as appropriate to type and use of information – business directory, for instance Limitation of bureaucratic overhead Innovative policy instruments and mechanisms Recognition of registration/ certification/ accreditation Mediation/dispute resolution Cooperation in cross-border transfer and responsibility

19 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 Concepts cont’d Transparency for Business and Consumer Appropriate relationship to security Relevance to developed and developing countries as well as those with and without existing frameworks Considering appropriate incentives, motivating factors and redress frameworks

20 www.usibc.com High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 To what end? Exploring the thought-leadership role that India could play as a result of long- established legal frameworks, cutting edge technology players, entrepreneurial expertise and increasingly important role in global data transfers

Download ppt "High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 www.usibc.com Privacy and Cyber Security:"

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.

© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Simple, Effective, Transparent Regulation: Best Practices in OECD countries Cesar Cordova-Novion Deputy Head of Programme Regulatory Reform, OECD.

Simple, Effective, Transparent Regulation: Best Practices in OECD countries Cesar Cordova-Novion Deputy Head of Programme Regulatory Reform, OECD.
Per Anders Eriksson

Per Anders Eriksson
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
From European to international standards on data protection (1/2)

From European to international standards on data protection (1/2)
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
E – Commerce and the Applicable Law Rules Judge Ehab Maher Elsonbaty Judge of South Sinai Court in Egypt and Visiting Scholar in the Institution for computer.

E – Commerce and the Applicable Law Rules Judge Ehab Maher Elsonbaty Judge of South Sinai Court in Egypt and Visiting Scholar in the Institution for computer.
© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy.

© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy.

Similar presentations

Ads by Google