1 25 October 2012 - EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala.

Presentation transcript:

1 25 October EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala

2 Data Protection Frameworks
- OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data cyandtransborderflowsofpersonaldata.htm
- Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data :PDF
- National data protection laws, e.g. the Swiss Federal Act on Data Protection

3 Common Personal Data Protection Principles
Personal data must be:
- processed fairly and lawfully;
- collected for a limited purpose and not kept longer than necessary;
- adequate, relevant and not excessive in relation to the purpose for which data is collected and processed;
- accurate, and where necessary, kept up to date;
- collected and processed pursuant to the rights of the person concerned;
- stored and processed securely;
- not transferred without adequate protection;
- treated confidentially.

4 Data Protection Initiative at CERN
An ad-hoc Working Group (composed of IT security and legal staff) identified a need for:
1. classification and improved protection of personal data of CERN Contributors (i.e. all persons working at or on behalf of CERN), taking into account the growing digitalization of data.
   → the protection of personal data of CERN personnel is a legal obligation under CERN's Staff Rules and Regulations.
2. consistent and comprehensive regulations on the use and flow of data within CERN to ensure a secure, qualitative and effective handling of the Organization's activities and related data.
   → the protection of other CERN data is not a legal obligation but a homogenization of existing rules is desired, considering the amount of data generated by CERN in different areas (science, administration, CERN governing bodies)

5 Data Protection Issues Encountered (1)
1. Which data does CERN hold?
2. What is CERN data? Which is internal data, which is external data (difference between ownership and possession)?
3. What data should be covered by the CERN data protection policy?
4. In terms of protection, should one distinguish between personal and other data?

6 Data Protection Issues Encountered (2)
5. Data classification: which categories, how many, for which type of data? Whose responsibility is it to classify data?
6. Data access and sharing: who can access different types of data? Who can grant access to data to whom? What is the role of CERN's IT department in this area?

7 Data Protection Issues Encountered (3)
7. Data storage: which type of storage for digital and hardcopy data? Whose responsibility? How to handle (inter-)dependencies of data storages?
8. Data retention: which retention periods for which type of data? Digitalization of all data (IT issues)? Whose responsibility?
9. Data destruction: how to destroy data (difference between digital and paper data)?

8 Food for Discussion
1. What is your IGO's approach to (personal) data protection?
2. To what extent should IGOs comply with the principles of national/international data protection schemes?
3. What does your IGO cover by its data protection scheme, or, in case it does not have such a scheme, what do you think should be covered?