Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 25 October 2012 - EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala.

Published byGodfrey Walters Modified over 9 years ago

Similar presentations

Presentation on theme: "1 25 October 2012 - EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala."— Presentation transcript:

1 1 25 October 2012 - EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala

2 2 Data Protection Frameworks OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data http://www.oecd.org/internet/interneteconomy/oecdguidelinesontheprotectionofpriva cyandtransborderflowsofpersonaldata.htm Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data http://eurlex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1995:281:0031:0050:EN :PDF National data protection laws, e.g. the Swiss Federal Act on Data Protection http://www.admin.ch/ch/e/rs/2/235.1.en.pdf

3 3 Common Personal Data Protection Principles Personal data must be: processed fairly and lawfully; collected for a limited purpose and not kept longer than necessary; adequate, relevant and not excessive in relation to the purpose for which data is collected and processed; accurate, and where necessary, kept up to date; collected and processed pursuant to the rights of the person concerned; stored and processed securely; not transferred without adequate protection; treated confidentially.

4 4 Data Protection Initiative at CERN An ad-hoc Working Group (composed of IT security and legal staff) identified a need for: 1. classification and improved protection of personal data of CERN Contributors (i.e. all persons working at or on behalf of CERN), taking into account the growing digitalization of data. → the protection of personal data of CERN personnel is a legal obligation under CERN‘s Staff Rules and Regulations. 2. consistent and comprehensive regulations on the use and flow of data within CERN to ensure a secure, qualitative and effective handling of the Organization‘s activities and related data. → the protection of other CERN data is not a legal obligation but a homogenization of existing rules is desired, considering the amount of data generated by CERN in different areas (science, administration, CERN governing bodies)

5 5 Data Protection Issues Encountered (1) 1. Which data does CERN hold? 2. What is CERN data? Which is internal data, which is external data (difference between ownership and possession)? 3. What data should be covered by the CERN data protection policy? 4. In terms of protection, should one distinguish between personal and other data?

6 6 Data Protection Issues Encountered (2) 5. Data classification: which categories, how many, for which type of data? Whose responsibility is it to classify data? 6. Data access and sharing: who can access different types of data? Who can grant access to data to whom? What is the role of CERN‘s IT department in this area?

7 7 Data Protection Issues Encountered (3) 7. Data storage: which type of storage for digital and hardcopy data? Whose responsibility? How to handle (inter-)dependencies of data storages? 8. Data retention: which retention periods for which type of data? Digitalization of all data (IT issues)? Whose responsibility? 9. Data destruction: how to destroy data (difference between digital and paper data)?

8 8 Food for Discussion 1. What is your IGO‘s approach to (personal) data protection? 2. To which extent should IGOs comply with the principles of national/international data protection schemes? 3. What does your IGO cover by its data protection scheme, or, in case it does not have such a scheme, what do you think should be covered?

Download ppt "1 25 October 2012 - EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala."

Similar presentations

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.

The data retention directive: data protection aspects Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Legal Framework Can you work out which slide each bullet point should go on?!

The Legal Framework Can you work out which slide each bullet point should go on?!
Handling information 14 Standard.

Handling information 14 Standard.
Data Protection, Freedom of Information and Information/Records Management.

Data Protection, Freedom of Information and Information/Records Management.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Similar presentations

Ads by Google