Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014.

Published bySilvester Reed Modified over 8 years ago

Similar presentations

Presentation on theme: "THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014."— Presentation transcript:

1 THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014

2 Agenda 1. Overview of Glatfelter 2. Data Privacy/Protection Introduction 3. European Union Requirements 4. Non-EU Highlights 5. Trends 6. Tips and Guidance 7. Questions 1. Overview of Glatfelter 2. Data Privacy/Protection Introduction 3. European Union Requirements 4. Non-EU Highlights 5. Trends 6. Tips and Guidance 7. Questions 1

3 Glatfelter products are marketed in over 90 countries around the world 2 GLATFELTER – Global supplier of choice for fiber-based engineered products Founded in 1864; Publicly traded on the NYSE as GLT Annual sales of $1.8 billion; 4,400 employees worldwide Manufacturing Facilities: U.S., Germany, U.K., Canada, France, Philippines Sales / Representative Offices: U.S., Germany, France, U.K., China, Russia

4 Specialty Papers Feminine Hygiene #1 Adult Incontinence #1 Specialty Wipes/Towels #2 Trade Book Publishing#1 Carbonless Products#1 Postal Applications#1 Playing Cards#1 Greeting Cards#2 Tea Bags/Coffee Filters #1 Nonwoven Wallcovering #1 Composite Laminates #1 Battery Pasting Papers #1 Metallized Products #2 Composite Fibers Advanced Airlaid Materials GLATFELTER – Leading Positions in Niche Markets 3 Total net sales of $1.8 billion

5 Supplier of Choice to a Well Respected Customer Base 4 Random House Specialty PapersComposite FibersAdvanced Airlaid Materials GLATFELTER – Strong Relationships with Global Customers

6 Introduction to Data Privacy/Protection PERSONAL DATA Any information that identifies or can be used to identify an individual:  Name  Address  E-mail  Phone Number  ID Number  Date of Birth  Health Information  Banking Information  Marital Status, etc. PERSONAL DATA Any information that identifies or can be used to identify an individual:  Name  Address  E-mail  Phone Number  ID Number  Date of Birth  Health Information  Banking Information  Marital Status, etc. 5 Data Privacy/Protection Laws regulate the Processing of Personal Data PROCESSING Includes the following:  Collection  Use  Storage  Sharing  Transmission  Alteration  Deletion PROCESSING Includes the following:  Collection  Use  Storage  Sharing  Transmission  Alteration  Deletion

7 European Union Data Protection EU Data Protection Directive (95/46/EC) Article 29 Working Party Laws: The collection, processing and use of Personal Data is banned unless an exception applies. Data Subjects have the right to know why and how their Personal Data is collected and processed. Principles: Consent of Data Subject Legal Obligation or Public Interest Performance of Contract Protection of Vital Interests of Data Subject Legitimate Interests of Data Collector Exceptions: 6

8 EU Data Protection – Personal Data Transfers Outside the EU Safe Harbor Certification 1.Joint EU Commission and US Department of Commerce Program 2. Companies certify compliance with EU data protection standards 3. Annual certification for employee personal data and third party personal data Corporate Binding Rules 1. Internal rules/policies of company meeting EU data protection standards 2. Approved by relevant EU member’s Data Protection Authority 3. Approval times vary 7

9 EU Data Protection - Controllers and Processors 8 Data Transfers:  Statutory Justification  Data Subject Consent  Data Processing Agreement  Safe Harbor Certification OR Corporate Binding Rules  Standard Contractual Clauses

10 EU Data Protection – Additional Member States’ Requirements Co-Determination Rights Data Protection Officers Individual Employee Consent Consultation with Works Councils Declaration filing with the Data Protection Authority (CNIL) Notification to U.K. Information Commissioner 9 Germany France United Kingdom

11 Highlights of Non-EU Data Protection Requirements Data Transfer Agreement Explicit Consent from Data Subjects National and Provincial Laws Data Transfer Agreements/Sharing Protocols Employee Notification of International Transfers Written Consent from Data Subjects Notification to Russian State Regulator if Processing Customer Data 10 China Canada Russia

12 Trends – Enforcement News · BRAZIL: Telecom company fined $1.59 million for violating users privacy. HONG KONG: Privacy Commissioner condemns employment agencies from collecting personal data for job applicants via blind recruitment advertisements. · U.K.: An individual awarded nominal damages for emotional distress due to data breach. IRELAND: Successfully prosecuted individual directors of a company for disclosures of personal data without the consent of the data controller. 11

13 Trends – EU Cookie Audits 12 EU ePrivacy (“Cookie”) Directive  Users must be informed about the use of cookies on a company’s website  Users have the right to consent to cookies prior to use  Exception for cookies that are strictly necessary to delivery of an on-line service  Jurisdictional split on consent: Express vs. Implied  Cookie sweeps and audits EU ePrivacy (“Cookie”) Directive  Users must be informed about the use of cookies on a company’s website  Users have the right to consent to cookies prior to use  Exception for cookies that are strictly necessary to delivery of an on-line service  Jurisdictional split on consent: Express vs. Implied  Cookie sweeps and audits

14 Trends – Proposed EU Data Protection Revisions Prior authorization of a national data protection authority required before personal data may be transferred to non- EU country. Fines increased to the greater of €100 million or 5% of annual worldwide turnover. Data Subjects have right to demand erasure of personal data. Internet service providers processing personal data must receive explicit consent from the data subject. 13

15 Tips and Guidance AssessmentTechnologyDocumentationCommunication 14

16 Thank you! Questions? 15

Download ppt "THE CHOICES WE MAKE THAT MATTER – International Data Privacy/Protection JILL L. UREY, ASSISTANT GENERAL COUNSEL MID-ATLANTIC CIO FORUM NOVEMBER 20, 2014."

Similar presentations

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.
Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
International Employment – latest Digital Employment issues Melanie Lane and Karine Audouze.

International Employment – latest Digital Employment issues Melanie Lane and Karine Audouze.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Data Protection.

Data Protection.
© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.

© 2005 Morrison & Foerster LLP All Rights Reserved Data Security and Incident Notification: The Impact of Foreign Law Presented April 26, 2006 to EDUCAUSE.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Data Protection and Records Management

Data Protection and Records Management
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Per Anders Eriksson

Per Anders Eriksson
The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.

The U.S.-E.U. Safe Harbor Framework The U.S.-E.U. Safe Harbor Framework New Developments in Data Flows, Standards, & Compliance Damon Greer U.S. Department.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Kirkpatrick & Lockhart LLP Attorneys At Law www.kl.com Boston, Dallas, Harrisburg, Los Angeles, Miami, New York, Newark, Pittsburgh, San Francisco, Washington,

Kirkpatrick & Lockhart LLP Attorneys At Law Boston, Dallas, Harrisburg, Los Angeles, Miami, New York, Newark, Pittsburgh, San Francisco, Washington,
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.

Similar presentations

Ads by Google