Processing of Telephone Traffic Data of Employees (a Case Study)
Tina Kraigher and Milena Podjed-Fabjančič
18 April 2010
Background
- Possible violation detected
- Inspection procedure ex officio
- Offence proceeding
- Appeal
Personal Data Violation Allegations
The head of a state office allegedly obtained and examined itemised billing for business mobile phone services, with no legal basis for such processing of personal data, with the intention of determining which of his employees had contacted a reporter and disclosed classified information.
Facts established
Telephone traffic data obtained:
- for 6 business mobile telephones used by employees
- for a certain time period
- data separately stated in the itemised billing:
  - exact date and time of call/SMS
  - the called number
  - exact call duration
  - type of mobile service provided (call, SMS…)
  - sum charged for the provided service
Facts established
Statement of the offender in the inspection procedure:
- Itemised billing was obtained for the purpose of reconstructing the path and establishing the exact timeline of communication between employees on the night of the attempted assassination.
- The aim was to inform the public of a prompt and correctly led procedure in a crisis situation.
- Legal basis: General Terms and Conditions of the mobile operator.
- Belief that the subscriber is entitled to obtain and examine itemised billing irrespective of who the actual user of a certain telephone number is.
Facts established
Statement of the offender in the offence proceeding:
- All actions were taken in accordance with the Internal Rules.
Internal Rules on the use of business mobile phones and mobile phone services: By signing the acceptance papers for the use of a business telephone, the employee agrees that the employer may obtain telephone traffic data and data on charged services for the purpose of verifying the sum charged and objecting to it.
Facts established
Statement of the offender in the offence proceeding:
- Data was obtained for the purpose of verifying the accuracy of the sum charged, in exercise of the general competence of the head of a state body to supervise the use of public funds in that body.
- Notwithstanding the signed acceptance forms, the offender obtained written consents from 4 employees prior to obtaining the itemised billing, consenting to any form of processing.
Facts established
The offender refuted the offence charges, claiming that:
- Data was not obtained for the purpose of establishing a timeline of actions taken on the night of the attempted assassination; the two events merely coincided.
- The data obtained was not examined for the purpose of determining which of the 6 employees communicated with the reporter; the phone number of the reporter was an accidental discovery.
As to the Law
The Constitution
Art. 37: Protection of the Privacy of Correspondence and Other Means of Communication
(1) The privacy of correspondence and other means of communication shall be guaranteed.
(2) Only a law may prescribe that on the basis of a court order the protection of the privacy of correspondence and other means of communication and the inviolability of personal privacy be suspended for a set time where such is necessary for the institution or course of criminal proceedings or for reasons of national security.
Art. 38: Protection of Personal Data
(1) The protection of personal data shall be guaranteed. The use of personal data contrary to the purpose for which it was collected is prohibited.
(2) The collection, processing, designated use, supervision and protection of the confidentiality of personal data shall be provided by law.
(3) Everyone has the right of access to the collected personal data that relates to him and the right to judicial protection in the event of any abuse of such data.
As to the Law
Electronic Communications Act, Art. 3:
25. Traffic data shall mean any data processed for the purpose of conveying a communication on an electronic communications network or for the billing thereof.
As to the Law
In the opinion of the Supreme Court of RS, telephone traffic data are essentially equal to data concerning postal correspondence and are therefore protected in the same manner, as communications privacy.
The Constitutional Court of RS held that communications privacy includes private and business correspondence and that invasion of privacy cannot be legitimately justified solely on the basis of ownership of the means of communication.
As to the Law
Purpose for which data is obtained:
- prescribed by law or
- informed consent given
Purpose for which data is further processed:
- not counter to the purpose for which data was obtained, unless otherwise
  - prescribed by law or
  - informed consent given
As to the Law
Personal Data Protection Act, Art. 16:
“Personal data may only be collected for specific and lawful purposes, and may not be further processed in such a manner that their processing would be counter to these purposes, unless otherwise provided by statute.”
As to the Law
Personal Data Protection Act, Art. 8:
“The purpose of processing personal data must be provided by statute, and in cases of processing on the basis of personal consent of the individual, the individual must be informed in advance in writing or in another appropriate manner of the purpose of processing of personal data.”
As to the Law
Personal Data Protection Act, Art. 91:
A fine from EUR 830 to shall be imposed for a minor offence on the responsible person of the legal person if he collects personal data for purposes that are not defined and lawful, or if he continues to process them in contravention of Article 16.
As to the Law
There is no national law determining the legal purpose for collecting and further processing telephone traffic data of an employee’s business telephone.
Therefore the employer can only collect traffic data and process it further if the employee gives his personal consent and is aware of the purposes for which the data are collected and further processed.
As to the Law
Internal Rules on the use of business mobile phones and mobile phone services: By signing the acceptance papers for the use of a business telephone, the employee agrees that the employer may obtain telephone traffic data and data on charged services for the purpose of verifying the sum charged and objecting to it.
Conclusions of the procedure
The offender illegally obtained itemised billings for 2 employees: he obtained them not for the purpose of verifying the sum charged or objecting to it, but collected the data for the purpose of reconstructing the events and establishing the exact timeline of communication between employees on the night of the attempted assassination, and further used it to determine which of the 6 employees communicated with the reporter.
The Information Commissioner fined the offender for 2 violations of personal data with the total sum of euros.
Some Considerations
According to the latest Law amending the Electronic Communications Act, such “accidental” disclosure is not possible: the mobile operators are obliged to hide the last three digits of called phone numbers in the itemised billings.
There are some proposals to adopt a special law that would regulate privacy at work as a whole, including electronic and other communication of employees.