Keeping Information Safe: Privacy and Security Issues
By Françoise Gilbert
1.
Intellectual Property Society
Managing Intellectual Property Rights And Privacy Issues In Outsourcing
Mountain View, CA - January 20, 2004
Keeping Information Safe: Privacy and Security Issues
Françoise Gilbert
Palo Alto, CA
(650) 804-1235
fgilbert@itlawgroup.com
© 2004 IT Law Group www.itlawgroup.com
2.
INFORMATION PRIVACY AND SECURITY IN 2004
• Increased consumers’ awareness
  – need to protect privacy
  – risks of identity theft
  – burden of spam
• Increasing number of laws or regulations
• Increased government and private scrutiny
  – Government investigations (e.g. FTC, State agencies)
  – Private suits (individual or class action)
  – Actions by private organizations (e.g. TRUSTe)
3.
RISKS AND EXPOSURE
• Public relations disasters
• Damages and penalties
• Payment of plaintiff's attorneys' fees
• Obligation to implement strict privacy, security procedures
• Obligation to submit to audits and government scrutiny
• Inability to pursue contemplated transaction
4.
TODAY’S PRESENTATION
• Understand the restrictions and requirements before attempting BPO
  – Privacy and Security in the US
    • Selected US and State laws
    • Litigation
  – Global companies’ concerns
• Understand the exposure in transferring data abroad
  – Data Protection outside of the US
  – Selected foreign laws
• Tools and tips to reduce privacy and security risks in Outsourcing
  – Due diligence
  – Contract
5.
COMPLEX LEGAL FRAMEWORK
• Sectoral approach; no legislation of general application
• Some federal laws (e.g. financial information, health information, children on-line information)
• Some state laws (e.g. California SB 1386)
• Agency regulations (e.g. FTC, Office of Treasury)
• Sect. 5 of FTC Act and state “mini FTC Acts”, which address unfair or deceptive practices
6.
HIPAA
A Covered Entity
• May use and disclose Protected Health Information (PHI) only as permitted or required
• May disclose PHI to Business Associates and may allow a Business Associate to create or receive PHI on its behalf only if it obtains “satisfactory assurance” (documented in written agreement) that the Business Associate will appropriately safeguard the information
• Will not be in compliance if Business Associate agreement is not adequate, not in place or not enforced
7.
GRAMM-LEACH-BLILEY ACT
• Creates an affirmative duty for Financial Institutions (FI) to
  – Respect the privacy of its customers
  – Protect the security and confidentiality of Non Public Information
• FI must give the customer clear and conspicuous notice of the FI’s privacy practices
• FI may not disclose an individual’s Non Public Information to non affiliated third parties unless the FI has provided the individual with:
  – Prior written notice of its intent to disclose; and
  – Right to opt-OUT (direct that the information not be disclosed)
8.
CALIFORNIA LAW SB 1386
If a breach of security occurs, the affected entities must:
• disclose any breach of security of the system
• following discovery or notification of the breach of security
• in the most expedient time possible and without unreasonable delay
• in writing
• to any resident of California
• whose unencrypted personal information
  – was, or
  – is reasonably believed to have been
  acquired by an unauthorized person
9.
PRIVACY POLICIES AND TRANSFER OF DATABASES
Toysmart.com
• Privacy policy stated: "you can rest assured that your information will never be shared by a third party"
• Attempted sale of database of customer information
• FTC and 39 state AGs filed injunction to prevent sale
• Ultimately, Disney, which had a controlling interest in Toysmart.com, purchased the list for $50,000 and destroyed it
10.
PRIVACY & SECURITY ABROAD
EXAMPLES OF COUNTRIES WITH DATA PROTECTION LAWS
• 15 EU Members
• Argentina
• Australia
• Brazil
• Bulgaria
• Canada
• Chile
• Czech Republic
• Estonia
• Hong Kong
• Hungary
• Iceland
• Israel
• New Zealand
• Norway
• Paraguay
• Poland
• Russia
• Slovakia
• Switzerland
11.
EXAMPLES OF COUNTRIES WITH LIMITED OR NO DATA PROTECTION
• Most of Asia except Russia
• China
• India (in progress)
• Japan (in progress)
• Malaysia
• Philippines
• Singapore
• Central America
• Mexico
• Middle East except Israel
• Africa
12.
TRANSBORDER DATA FLOW IN EU/EEA
• The EU Data Protection Directive requires that the laws of the member countries preclude transmission of data outside the EEA if the data are undergoing processing, or are intended for processing after the transfer, unless the non EEA country ensures an "adequate" level of protection
• Exception:
  – Unambiguous consent by the data subject (i.e. OPT-IN)
  – Transfer is necessary for performance of a contract, to protect vital interest of the data subject or public interest
  – Data controller enters into a contract with the third party that ensures the same level of protection as provided under the EU state law
13.
DUE DILIGENCE BEFORE OUTSOURCING
• Are there restrictions to giving access to data to a third party?
• Which privacy/security laws or regulations govern Company’s activities?
• What are Company’s privacy and information security requirements or needs?
• What additional cost will result from responding to these needs?
• Are Company’s needs and restrictions compatible with Vendor's operations?
• Does Vendor (and subcontractors) have adequate information security procedures to protect Company's databases?
• What data protection laws are in place in Vendor’s country?
14.
OUTSOURCING CONTRACT
• Establish privacy and security policies and guidelines
• Define limitations on collection, use, transfer of PII
• Require Vendor’s assistance in complying with Company's obligations to clients, employees or law enforcement authorities
• Address ownership of PII collected during the relationship
• Address Vendor’s ability to subcontract services to third parties
• Provide for warranties, indemnification with respect to privacy and security
• Consider compliance audits
• Address changes required by new law and jurisprudence
• Define actions upon termination of the outsourcing relationship
15.
QUESTIONS?
Françoise Gilbert
fgilbert@itlawgroup.com
(650) 804-1235
www.itlawgroup.com