Copyright JNT Association 2007
Federated Identity and Data Protection Law
Andrew Cormack, Eva Kassenaar, Mikael Linden, Walter Martin Tveter


Which Law?

Directive 95/46/EC
  – Processing of personal data allowed when
      Required to perform contract with data subject, or
      Required to satisfy legal duty, or
      If data subject gives free, informed consent
        – And does not withdraw it
  – Different conditions apply to each of these
NB National laws may vary this a bit

What does it mean for FAM?

FAM can be a good thing IF it satisfies the relevant conditions
  – Which look like good practice anyway…
  – See next two slides
      Which use RFC-speak...
      And not too much law-speak…

Identity Providers

Must identify which services are necessary for education/research
  – Must consider whether personally identifiable information is necessary for those services, or whether anonymous identifiers or attributes are sufficient;
  – Must inform users what information will be released to which service providers, for what purpose(s).
  – May release that necessary personally identifiable information to those services;
May seek users’ informed, free consent to release personal data to other services that are not necessary for education/research
  – Must inform users what information will be released to which service providers, for what purpose(s);
  – Must maintain records of individuals who have consented;
  – Must allow consent to be withdrawn at any time;
  – Must only release personal information where consent is currently in effect.
Should have a data processor/data controller agreement with all service providers to whom personally identifiable data is released.
Must ensure adequate protection of any data released to services outside the European Economic Area.

Service Providers

Must consider whether personally identifiable information is necessary for their service, or whether anonymous identifiers or attributes can be used;
  – Should obtain that information from home organisations;
  – Should have a data processor/data controller agreement with all home organisations from whom personally identifiable data is obtained;
  – If no such agreement is in place, must inform users what personal information will be obtained, by which service providers, for what purpose(s).
May request personal information from users
  – Must inform users what information will be released to which service providers, for what purpose(s);
  – Must ensure that users who do not provide information are not unreasonably disadvantaged;
  – Must maintain records of individuals who have consented;
  – Must allow consent to be withdrawn at any time;
      Must cease processing data when consent is withdrawn

What next?

Keep this, in case we’re challenged?
Publish it for information (not advice)?
Get it validated by authorities?
Something else?