EU Personal Data Transfers: The Perspective of a Friendly U.S. Harborite And AMCHAM EU Member Christopher Foster Assistant General Counsel, Data Privacy.


Slide 1: EU Personal Data Transfers: The Perspective of a Friendly U.S. Harborite and AMCHAM EU Member. Christopher Foster, Assistant General Counsel, Data Privacy. October 16, 2007.

Slide 2 (HONEYWELL - CONFIDENTIAL): Department of Commerce, Inc. – Video Education Program
- Department of Commerce, Inc.
- Jonathan Faull is an employee of DOC, Inc.
- Representatives from each EU country have produced videos for us

Slide 3: Department of Commerce, Inc. – Video Education Program
- Department of Commerce, Inc.
- Jonathan Faull is an employee of DOC, Inc.
- Representatives from each EU country have produced videos for us
- Sensitive personal data? Analysis in each country.
- Consent required? Analysis in each country.
- DPA notifications required? Analysis in each country.
- Standard contractual clauses?

Slide 4: Data Privacy Function Members
- Lisa Parlato LeDonne: Chief Privacy Officer; Chief Labor & Employment Counsel; VP & Deputy General Counsel
- Chris Foster: Assistant General Counsel – Data Privacy
- Director HR -- CPG Germany: Privacy Officer – EMEA
- Director HR, Canada: Regional Privacy Officer – Canada & Latin America
- GC and AGC Honeywell APAC: Regional Privacy Officer – Asia-Pacific
- TBD: Regional Privacy Officer – Latin America
- Senior IT Auditor, Data Privacy
- National Privacy Officers as required

Slide 5: Data Privacy Team Members
IT:
- Director, IT
- CISO Aerospace
- CISO Corporate
- Director and CISO/ACS
- Director & CISO-SM & TS
- Director - Online Communications
- IT Manager, HRIT Data Management
- TBD
- IT VP-Enterprise Infrastructure Consolidation
Privacy Liaisons:
- Director Employee and Labor Relations COE
- EMEA Lead HRIS Aerospace
- Director IT Turbo Technologies
- Labor COE
- Director HR, SM
- Diversity Director
- Director, Aerospace Customer Portal
- Senior IT Audit Data Privacy
- TS China HR Director
- Head HR – Talent Engagement, HTS
- Director Corporate Learning
- GTS, Global Operations Leader
- Director, Procurement HR Srvc, and Solutions
- Director HR Law
- Manager Communications
- Vice President HR Data Administration
- Asst. General Counsel Benefits

Slide 6: Data Privacy Team Members
IT:
- IT Aerospace
- IT Transportation Systems
- IT Specialty Materials
- IT ACS
Other Interested Persons:
- Manager Integrity and Compliance
- Manager Program IT Aerospace EMEA
- Asst. General Counsel Benefits
- Corporate Manager IT
- Vice President Global Security
- VP GC EMEA
- VP HR EMEA

Slide 7: Data Privacy Team Roles

CHIEF PRIVACY OFFICER (CPO)
- Responsible for overall data privacy compliance strategy and implementation
- Leads quarterly meetings of the DPF Team

ASSISTANT GENERAL COUNSEL – DATA PRIVACY
Responsible for:
- driving global privacy compliance, including certification to the Safe Harbor Agreement
- conducting privacy reviews of projects and drafting notices and contracts
- developing and implementing privacy guidelines, operating procedures and training
- maintaining data access/privacy inquiry and internal audit mechanisms
- coordinating with Regional Privacy Officers

REGIONAL PRIVACY OFFICERS
- Part-time roles focused on regional support
- Report to the Assistant General Counsel – Data Privacy and coordinate regional issues
- Assist with Works Council communications/concerns
- Liaison between the Assistant General Counsel – Data Privacy and national resources, escalating issues to the Data Privacy Function as necessary
- Meet quarterly to review significant initiatives, analyze risk assessment and participate in remediation efforts

NATIONAL PRIVACY OFFICERS
- Part-time roles focused on local support, keeping the Regional Privacy Officers informed and escalating issues as necessary
- Address local issues/complaints
- Assist with Works Council communications/concerns
- Responsible for local training rollout
- Meet quarterly to review significant initiatives, analyze risk assessment and participate in remediation efforts

PRIVACY LIAISONS
- Responsible for reporting to the Function any security breaches or other significant privacy matters
- Meet quarterly to review significant initiatives, analyze risk assessment and participate in remediation efforts
- Report back to their organizations on Privacy Function initiatives/developments

HIPAA OFFICER
- Responsible for HIPAA compliance
- Participates in quarterly Privacy Liaison meetings and provides updates on HIPAA law

OTHER INTERESTED PERSONS
- Optionally participate in quarterly meetings and help with compliance efforts and communication within their respective organizations

Slide 8: DPF Compliance Program Overview

Current compliance approach – Safe Harbor Plus
- Local compliance approach focused on HR data
- Safe Harbor principles for data transferred to the U.S.
- Model Contracts for data sent from EMEA to non-U.S. countries
- Attention on U.S. SSNs and other sensitive identification data (SID)
  - Technical remedies include laptop encryption and extrusion detection
  - Swift investigation and response required for any potential and actual data security breaches involving SID
  - Has motivated many initiatives to reduce the company's risk of allowing unauthorized access to SID

Emerging compliance approach – Global
- Use Binding Corporate Rules to treat all personal data, including customer and supplier personal data
- Interim step of a one-Company Policy guided by privacy principles
- Expand global focus on security for the most sensitive personal data

Slide 9: AMCHAM EU Position on Intra-EU Data Flows

General assessment
- Flexible mechanisms for international data transfers are key for companies operating on both sides of the Atlantic.
- The Directive needs to be implemented consistently in all 27 EU Member States; too often there are 27 different compliance regimes.

Binding Corporate Rules
- BCRs provide an excellent new mechanism for companies to transfer data to non-EEA countries. The benefit is a unified, global company standard, tailored to a company's unique culture or business compliance processes.
- More DPA resources should be devoted to reviewing BCRs
- Mutual recognition of a lead DPA's approval by other DPAs
- Clear indication of what each DPA requires to approve a set of BCRs

Slide 10: AMCHAM EU Position on Intra-EU Data Flows

Standard Contractual Clauses
- Alternative Standard Contractual Clauses are a valuable means to legitimize data transfer outside the EEA. However, a number of practical difficulties remain in the application of the clauses.
- DPAs should support multi-party contracts
- Consistent standards for notification and approval
- WP 29 should prepare a report on companies' obligation to file SCCs
- EU Member States should apply uniform procedural requirements when using the clauses
- Onward transfer to a data processor should be allowed.

Consent
- Consent is a useful tool for transferring some personal data to third countries, in particular employee data for specific applications. Adequate prior information needs to be provided.
- Consent by employees should be acceptable for specific applications
- Consent by employees should also be acceptable for less confidential data
- Countries' legal requirements should be limited to the Directive's demands

Safe Harbor
- The Safe Harbor Agreement is a success, as it provides a flexible and well-structured process to manage the free flow of information between signatories of the agreement.
- Safe Harbor should be extended to sectors currently excluded.