Emtel 4G LTE NETWORK. “The DPO Regulatory Perspective about Cloud Solutions” Presented by Mrs Drudeisha Madhub (The Commissioner)

Presentation transcript:

Emtel 4G LTE NETWORK

“The DPO Regulatory Perspective about Cloud Solutions” Presented by Mrs Drudeisha Madhub (The Commissioner) Tel: Helpdesk: Website: Address: 4th Floor, Emmanuel Anquetil Building, Port Louis

The Data Protection Act

The Data Protection Act 2004 was proclaimed in its entirety on the 16th of February 2009, except for section 17(5). In addition, the Data Protection Regulations 2009 (GN 22/09) were enacted to cater for registration fees for data controllers, other prescribed fees, the registration form for data controllers, and the request for access to personal data form, which data subjects (living individuals) use to request access to their personal data from data controllers.

The Data Protection Act

The Data Protection Act 2004 gives individuals rights to protect them against data protection breaches, and creates obligations for those keeping personal information. Under the Act, individuals have the right to be informed of any data processing activity which relates to them as data subjects.

Cloud Computing

Cloud Computing has data protection implications which all stakeholders should examine seriously to avoid putting people’s privacy rights at stake.

Note: Accountability for security and privacy in public clouds remains with the organisation as data controller. Consequently, organisations must ensure that any selected public cloud computing solution is configured, deployed, and managed to meet the security, privacy, and other requirements of the organisation.

Recommendations to Organisations

1.0 Criteria for selecting a cloud provider
The security, privacy and other organisational requirements that cloud services must meet should be identified.

Recommendations to Organisations

2.0 Risk and Privacy-Impact Assessments
It helps in analysing the security and privacy controls of a cloud provider with respect to the control objectives of the organisation.

Volume 6: Guidelines on Privacy Impact

Recommendations to Organisations

3.0 Evaluation of the cloud provider
This process helps in determining the ability and commitment to deliver cloud services over the target timeframe and meet the security and privacy levels stipulated.

4.0 Service Level Agreement
It ensures that all contractual requirements are recorded including privacy and security provisions endorsed by the provider. A legal advisor is important for the negotiation and review of the terms of the SLA.

Recommendations to Organisations

5.0 Performance Assessment
The cloud provider should continually be assessed. It must be ensured that all contract obligations are being met.

6.0 Termination
The cloud provider should be alerted about any contractual requirements that must be observed upon termination.

7.0 Physical Access
All electronic access rights, physical tokens, physical badges or others should be revoked in a timely manner.

Recommendations to Organisations

8.0 Resources
It should be ensured that all resources under the SLA are returned in a usable form, and evidence should be secured that information has been properly expunged.

Guideline - Data Protection Act 2004 Vol. 7 - Guidelines on Privacy Enhancing Technologies

Conclusion

The use of cloud services can make very good business sense, but data controllers must always bear in mind that they cannot outsource their data protection legal obligations, nor the risk to their reputations with regard to the personal data they entrust to service providers.

In connection with the globalised environment in which cloud computing operates, the current regulatory framework is the Data Protection Act which gives the DPO the responsibility for the safeguarding of personal data. However, when no specific data protection provisions apply in relation to cloud computing, users have no other choice but to safeguard data by means of detailed agreements with cloud computing service providers.