Presentation is loading. Please wait.

Presentation is loading. Please wait.

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

Published byThomasine Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;"— Presentation transcript:

1 What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries; however, you should be aware that privacy is regulated to one extent or another in most countries with which the U.S. does business. And regulation in this area is increasing and evolving rapidly. Privacy concerns come into play in any situation where uniquely identifiable information relating to a person is collected, processed and stored. These concerns apply regardless of whether an organization collects uniquely identifiable information in digital form or otherwise. Typical considerations for businesses and organizations that collect Personal Information may include: -how is Personal Information collected, stored, and associated? -who is given access to your customers’ Personal Information? -how is such information used? -does the individual have any ownership rights to such data, and/or the right to view, verify, and challenge that information?

2 Different Notions of “Privacy” Right to privacy primarily enforced as “consumer protection right” Privacy “balanced” against Free Speech; latter often prevails Implied (not express) right in U.S. Constitution Protection of people against Government overreaching, esp. at home Right to privacy as a “fundamental human right” Privacy as a “human dignity right” Art. 8 EU Convention of Human Rights: “…respect for…private and family life…home, and…correspondence”. Protection of people from having their lives exposed to public view, esp. mass media EUROPEAN UNION UNITED STATES Differences also stem from very different historical experiences

3 Privacy protection is privileged over economic efficiency and speech, even if this creates trade barriers Transfers of personal data in commerce, at work, etc. presumed to not be legitimate unless there is a “legal basis” (express consent; fulfillment of contractual or legal obligations) Data Protection Principles Most countries not deemed to offer “adequate protection” Free speech and interstate commerce privileged over privacy; protections crafted primarily for consumers Transfers of personal data are presumed legitimate and necessary (protections limited to situations of egregious misuse or unauthorized access) Regulation fragmented by economic sector (e.g., HIPAA, FCRA, HITECH, GLBA) not uniformly EUROPEAN UNIONUNITED STATES Different Approaches to Privacy Regulation

4 Canada often assumed to be similar to the U.S. with respect to business practices; but privacy regulation is another matter. Canadian approach to confidentiality and the transfer of Personal Information is much more in line with the European model than that of the U.S. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) became effective in 2004 and provides a federal-level personal information protection regime Basic principles and obligations for organizations covered by PIPEDA: -obtain an individual's consent when they collect, use or disclose the individual's personal information. -the individual has a right to access personal information held by an organization and to challenge its accuracy, if need be. -personal information can only be used for the purposes for which it was collected. If purpose changes, consent must be obtained again. -individuals should also be assured that their information will be protected by specific safeguards, including measures such as locked cabinets, computer passwords or encryption. PRIVACY REGULATION IN CANADA Your footnote

5 Mexico enacted comprehensive data protection law in 2010, the “Law on the Protection of Personal Data in the Possession of Private Entities” (“LFPD”) LFPD regulates the processing of personal information by private companies (other than credit bureaus, which are regulated separately) and seeks to protect citizens’ rights to “privacy and to personal information self-determination”. The LFPD provides data subject s the right to give his/her consent to the processing of personal data, subject to certain statutory exceptions. The data controller must disclose to the data subject, through a privacy notice the information gathered about him/her and the use(s) to be given to said information. LFPD requires express written consent of the data subject for the disclosure of sensitive personal data (incl. ethnic origin, current or foreseeable health condition(s), genetic information, religious, philosophical or moral beliefs, labor union affiliation, political opinions and/or sexual orientation). The LFPD creates a right of civil action for data subjects for the data controllers’ breaches of the LFPD. PRIVACY REGULATION IN MEXICO Your footnote

6 How to Address Privacy Compliance Across National Borders with Different Constituencies Business Partners Employees Customers Service Providers B-2-B agreements regarding use of personal information Privacy Policy Terms and Conditions Representations made re: Use of Personal Information Internal policies and procedures regulating access to and use of personal information Agreements to use personal information only for your organization Your Organization Your Organization

7 http://www.ey.com/Publication/vwLUAssets/Privacy_trend s_2012/$FILE/Privacy-trends-2012_AU1064.pdf http://www.ey.com/Publication/vwLUAssets/Privacy_trend s_2012/$FILE/Privacy-trends-2012_AU1064.pdf http://www.financierworldwide.com/AnnualReviews/AR_D ataProtection_326jpm.pdf http://www.financierworldwide.com/AnnualReviews/AR_D ataProtection_326jpm.pdf http://heatmap.forrestertools.com/ Other Country Regulation & Select Resources Your footnote

Download ppt "What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;"

Similar presentations

DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.

US Constitution and Right to Privacy Generally only protects against government action Doesn’t obligate government to do something, but rather to refrain.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Sarah Branam Mehmet MunurDino Tsibouris

Sarah Branam Mehmet MunurDino Tsibouris
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection and Records Management

Data Protection and Records Management
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Text Privacy and Data Protection in Sweden Christine Kirchberger.

Text Privacy and Data Protection in Sweden Christine Kirchberger.
DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.

DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.
Information Privacy Policy in Canada Presented By: Sue Wu.

Information Privacy Policy in Canada Presented By: Sue Wu.
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

Similar presentations

Ads by Google