
APEC Privacy Framework

“The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element that may prevent member nations from gaining all of the benefits of electronic commerce.”

“This Framework, which aims at promoting electronic commerce throughout the Asia Pacific region, is consistent with the core values of the OECD’s 1980 Guidelines”

APEC information privacy principles

Preventing harm: personal information protection should be designed to prevent the misuse of such information. Specific obligations should take account of the risk of harm, and remedial measures should be proportional to the likelihood and severity of the harm threatened by collection, use and transfer of personal information.

Notice: personal information controllers should provide clear statements that personal information is being collected, the purpose of the collection, who the information might be disclosed to, the identity and location of the controller and how to contact them, what choices are available to limit the use and disclosure of the information, and how to access and correct the information if needed. Controllers should take all reasonably practicable steps to ensure notice is provided either before or during the time of collection, or as soon after as is practicable.

Collection limitation: collection should be limited to relevant purposes, and any such personal information should be obtained by lawful and fair means and, where appropriate, with notice to or consent of the individual concerned.

Uses of personal information: personal information should be used only to fulfill the purposes of collection and other compatible or related purposes, unless with the consent of the individual or for legal reasons.

Choice: where appropriate, individuals should be provided with clear, easily understandable, accessible, and affordable mechanisms to exercise choice in relation to the collection, use and disclosure of their personal information.

Integrity of personal information: personal information should be accurate, complete and up-to-date to the extent possible for the purposes of use.

Security safeguards: safeguards should be proportional to the likelihood and severity of the harm threatened, the sensitivity of the information and the context in which it is held, and should be reviewed periodically.

Access and correction: individuals should be able to confirm their information is being held, should be told what that information is when they ask, and should be able to challenge the accuracy of the information and, if possible and as appropriate, have the information rectified, completed, amended or deleted—limitations on this due to undue burden or for legal reasons to protect confidential commercial information.

Accountability: the controller should be accountable for complying with the Principles and should, if transferring the information, either get the consent of the individual or take reasonable steps to ensure the recipient will follow the Principles.