7th Pan-Data & CRISP Harmonisation Meeting, 5.9.2014, Zürich Airport
TERENA Code of Conduct
Björn Abt, PSI

Presentation transcript:

What is the TERENA Data Protection Code of Conduct?
● The Data Protection Code of Conduct describes an approach to meet the requirements of the EU Data Protection Directive in federated identity management.
● The Data Protection Code of Conduct defines behavioural rules for Service Providers that want to receive user attributes from the Identity Providers managed by the Home Organisations.

What does it contain?
● Ensure that the SAML 2.0 elements conform to the SAML 2 Profile for the Code of Conduct.
● Remind the Service Provider to check that the Service Provider's mdui:Description and mdui:DisplayName elements are understandable and useful for common end users.
● Check that the Service Provider's Privacy Policy document is available and indicates commitment to the Code of Conduct.
● Remind the Service Provider to make sure that the list of requested attributes is consistent with the Privacy Policy document.

SAML2 Profile: CoC
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name=" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> code-of-conduct/v1

SAML2 Profile: mdui
FileSender FileSender tarjoaa helpon tavan jakaa suuria tiedostoja. FileSender offers an easy way to share large files with anyone. fi.html en.html

SAML2 Profile: Attributes
<RequestedAttribute FriendlyName="EAAHash" Name="urn:oid: " NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<RequestedAttribute FriendlyName="EAAKey" Name="urn:oid: " NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
<RequestedAttribute FriendlyName="uid" Name="urn:oid: " NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/>
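The checks listed under "What does it contain?" can be run mechanically against a Service Provider's metadata. The following is an added example, not part of the original slides or of any TERENA tooling: the function name `lint_coc`, the sample entityID, the URLs and the attribute Name values are constructed placeholders, and the Code of Conduct marker is matched only by the value fragment `code-of-conduct/v1` that survives on the slide. Requiring `xml:lang="en"` by default is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
COC_SUFFIX = "code-of-conduct/v1"  # value fragment visible on the CoC slide
URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample: entityID, URLs and attribute Name values are placeholders.
SAMPLE = f"""<md:EntityDescriptor entityID="https://sp.example.org/sp"
  xmlns:md="{NS['md']}" xmlns:mdui="{NS['mdui']}"
  xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
 <md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="urn:example:entity-category" NameFormat="{URI}">
   <saml:AttributeValue>https://example.org/code-of-conduct/v1</saml:AttributeValue>
  </saml:Attribute>
 </mdattr:EntityAttributes></md:Extensions>
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:Extensions><mdui:UIInfo>
   <mdui:DisplayName xml:lang="en">FileSender</mdui:DisplayName>
   <mdui:Description xml:lang="en">FileSender offers an easy way to share large files with anyone.</mdui:Description>
   <mdui:PrivacyStatementURL xml:lang="en">https://sp.example.org/en.html</mdui:PrivacyStatementURL>
  </mdui:UIInfo></md:Extensions>
  <md:AttributeConsumingService index="0">
   <md:ServiceName xml:lang="en">FileSender</md:ServiceName>
   <md:RequestedAttribute FriendlyName="EAAHash" Name="urn:example:eaahash" NameFormat="{URI}" isRequired="true"/>
   <md:RequestedAttribute FriendlyName="uid" Name="urn:example:uid" NameFormat="{URI}" isRequired="true"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def lint_coc(metadata_xml, policy_attributes, lang="en"):
    """Return findings for the slide's checks; an empty list means all pass."""
    root = ET.fromstring(metadata_xml)  # stdlib parser; harden for untrusted metadata
    findings = []
    values = root.iterfind(".//mdattr:EntityAttributes/saml:Attribute/saml:AttributeValue", NS)
    if not any((v.text or "").strip().endswith(COC_SUFFIX) for v in values):
        findings.append("no Code of Conduct entity attribute")
    for tag in ("DisplayName", "Description", "PrivacyStatementURL"):
        elems = root.iterfind(f".//mdui:UIInfo/mdui:{tag}", NS)
        if not any(e.get(XML_LANG) == lang and (e.text or "").strip() for e in elems):
            findings.append(f"mdui:{tag} missing for xml:lang={lang}")
    requested = {a.get("FriendlyName") or a.get("Name")
                 for a in root.iterfind(".//md:RequestedAttribute", NS)}
    for name in sorted(requested - set(policy_attributes)):
        findings.append(f"requested attribute not covered by privacy policy: {name}")
    return findings
```

`policy_attributes` is the list of attributes the Privacy Policy document names under "Personal data processed"; any requested attribute missing from it is reported.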

Privacy Policy (Attribute: Description)
● Service Name: SHOULD be the same as mdui:DisplayName
● Service Description: SHOULD be the same as mdui:Description
● Data Controller: Institute name storing data and a contact person
● Jurisdiction: The country in which the Service Provider is established and whose laws are applied.
● Personal data processed: Show the user which of his data is processed

Privacy Policy, continued (Attribute: Description)
● Purpose of the processing of personal data: What is the purpose of collecting personal data?
● Third parties to whom personal data is disclosed: Is personal data given to third parties?
● How to access, rectify and delete personal data: Contact the contact person.
● Data retention: When is the user record going to be deleted or anonymised?
● Data protection code of conduct: Show the reference to the TERENA code of conduct for service providers.

Next steps:
● Shall we implement this Code of Conduct?
● Service Providers must provide the necessary information.
● The information must be evaluated and integrated into the existing system.

Thank you for your attention!