Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel.

Presentation transcript:

Privacy and Data Protection III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum Geff Brown, Assistant General Counsel Microsoft Corporation May 16, 2013

Privacy and Data Protection: Regulatory Infrastructure; Transparency; Privacy by Design; No Privacy w/o Security.

Security: DATA, APPLICATION, NETWORK, HOST SECURITY, IDENTITY AND ACCESS MANAGEMENT, PHYSICAL. Security must be in place at every level.

Privacy by design. Context: Personal data should be used only in the context of the relationship with the individual. Individual Choice and Control: Users should have choices about how their personal data is used. Data Portability: Customers should have the right to freely access and move their personal data.

Compliance management framework. Policy: Business rules for protecting information and systems which store and process information. Control Framework: A process or system to assure the implementation of policy. Standards: System or procedural specific requirements that must be met. Operating Procedures: Step-by-step procedures.

Transparency. What personal data goes where. Who can access the personal data and why. Privacy statements and other documentation.

Regulatory Infrastructure. Defining bases for processing personal data: Consent; legitimate interests; contract. Implementing rights: Access, correction and deletion; data breach notification; redress. Consistent and effective enforcement: Oversight and guidance; risk-based approaches; penalties.