High Technology Cooperation Group: Data Privacy The Indo-U.S. High Technology Cooperation Group November 18, 2004 www.usibc.com Privacy and Cyber Security:

Presentation transcript:

Privacy and Cyber Security: legal and policy issues
Joseph Alhadeff
Chair, USIBC Information Technology Committee

The Legal Landscape
- Governmental Sources
- EU Guidelines
- FTC Fair Information Practices
- Regional Law
- National Law
- Local Law
- Quasi Governmental
- OECD Guidelines
- APEC Guidelines
- APT Guidelines
- Self Regulatory Bodies
- Business/Sectoral Associations

OECD Guideline Principles
- The collection and use of data should be disclosed and users be given an opportunity to decline collection
- Data should be collected, stored, processed, and communicated only for legitimate purposes;
- Data should be current, accurate, and relevant to the intended use; and
- Data subjects should be entitled to examine, where appropriate, data relating to them, and to obtain correction or deletion of such data, if justified.

APEC Guidelines
- Like OECD Guidelines recognize the benefits of the information flows as well as responsibilities
- Based on OECD, but more flexible and adaptable to Global Information Flows
- Focus is more on use of personal information and preventing harm through appropriate protection obligations that flow with the information
- This includes work on using corporate rules with regional recognition
- Principles should be ratified this year, work on implementation continues.

Common Privacy Elements
- Disclosure/Notice of what, how, why and with who
- Choice – opt in / opt-out
- Access for review correction
- Security
- Fair, relevant, timely, for business need
- Compliance/enforcement (company)
- Redress/oversight (government/third party)

Setting the Stage: EU/US Basics

EU/US Privacy Paradigms

EU
- Privacy rights mainly applied to protect individuals from corporate/commercial use of information
- The role of government in protecting privacy
- The human right of privacy and moral rights of authors
- Regulation in advance of issue
- Wrongful collection of information

US
- The Constitutional right to privacy secures citizens from unreasonable governmental intrusion
- The role of the government in assuring fairness and preventing deception
- Free speech, individual choice and the fair use doctrine
- Legislation in response to issue
- Harmful use of information

The Nature of a Directive
- EU wide application
- National country implementation
- May vary in implementation as long as not contrary
- Any Country / Citizen may bring action to claim that national is not in compliance
- Heard by EU court

EU Directive
- October 24, 1998 implementation
- EU Personally identifiable information must have adequate protection
- Intranet/Web collection
- Extraterritorial effect - adequacy of other laws
- National implementation spectrum: floor not ceiling
- Directive review

EU Directive - Continued
- Extraterritorial effect – precludes transfer to countries not providing for adequate protection of privacy
- Adequacy findings for Switzerland, Hungary, Canada, Argentina and the US Safe Harbor companies
- Derogations
- Contractual solutions
- EC Data Controller and Processor Model Contracts
- ICC Model Contract
- Binding Corporate Rules – Work in progress

Directive Historical Context
- Directive was drafted in a time of point-to-point EDI and overnight batch processing.
- Contractual solutions/adequacy were more appropriate for country-to-country transfers
- Directive review recognized need for greater harmonization across EU application and need for greater flexibility of application to global information flows.

US/EU Agree on Safe Harbor
- Effective date 11/00 - Compliance By 7/01
- Self-certification
- Principles/FAQs
- Enforcement Mechanisms
- Third Party backed by FTC/DOT
- Panel of three registrars
- Benefit - Finding of adequacy is equivalent to transfer w/in EU for prior consent purposes, BUT still requires notice & rationale

Safe Harbor Principles
1. Notice
2. Choice
3. Onward Transfer
4. Security
5. Access
6. Enforcement

Documents may be found at:

Safe Harbor Review
- Report was critical of certain practices but did not undermine the Safe Harbor
- Focused on need for clarification, education and review of oversight practices
- Financial Services still NOT covered
- Treasury negotiations
- “Fractured” alliance prospects…
- Safe harbor predicated on Agency backstop – FTC, DOT

Outside EU and US – Some Highlights…
- All enlargement countries, Switzerland and EFTA
- Other active countries w/some legislation… Hong Kong; New Zealand; Chile; Argentina; Canada, Australia; Taiwan; Korea; South Africa, Japan…
- Proposed/Thinking: Thailand; India; Brazil; Mexico; China…

Privacy and India:
- Focus on rationale and objective
- Review existing laws and processes (including Contract Law and other related laws and processes)
- Review current state of the data processing and global sourcing industry re: privacy and security
- Gap analysis to relevant international instruments and norms
- Selective amendment or revision of existing laws and processes as needed to achieve objectives
- The need for more, better and targeted information to address gaps in perception

Innovative Privacy Architecture Elements

Concepts for Privacy Approaches
- Consistent with need for and benefits of global information flows
- Protection as appropriate to type and use of information – business directory, for instance
- Limitation of bureaucratic overhead
- Innovative policy instruments and mechanisms
- Recognition of registration/certification/accreditation
- Mediation/dispute resolution
- Cooperation in cross-border transfer and responsibility

Concepts cont’d
- Transparency for Business and Consumer
- Appropriate relationship to security
- Relevance to developed and developing countries as well as those with and without existing frameworks
- Considering appropriate incentives, motivating factors and redress frameworks

To what end?
- Exploring the thought-leadership role that India could play as a result of long-established legal frameworks, cutting edge technology players, entrepreneurial expertise and increasingly important role in global data transfers