Published by Norman Gilbert. Modified over 9 years ago.
1 Strategic importance of identity and access management (IAM)
The case of the Belgian social and health sector
Frank Robben
General manager
Crossroads Bank for Social Security
eHealth Platform
Sint-Pieterssteenweg 375
B-1040 Brussels - Belgium
E-mail: Frank.Robben@ksz.fgov.be
Website CBSS: www.ksz.fgov.be
Personal website: www.law.kuleuven.be/icri/frobben
2 November 5th, 2009 Frank Robben
Structure of the presentation
expectations of the stakeholders of the Belgian social and health sector
the Crossroads Bank for Social Security and the eHealth platform
advantages for citizens, companies and public administrations
strategic importance of identity and access management
concrete implementation of identity and access management
issues with regard to privacy protection and information security
3 Stakeholders of the Belgian social sector
> 10,000,000 citizens
> 220,000 employers
about 3,000 public and private institutions (actors) at several levels (federal, regional, local) dealing with
  – collection of social security contributions
  – delivery of social security benefits: child benefits, unemployment benefits, benefits in case of incapacity for work, benefits for the disabled, reimbursement of health care costs, holiday pay, old age pensions, guaranteed minimum income, …
  – delivery of supplementary social benefits
  – delivery of supplementary benefits based on the social security status of a person
4 Stakeholders of the Belgian health sector
> 10,000,000 citizens
> 100,000 health care providers (physicians, dentists, clinical labs, pharmacists, physiotherapists, home nurses, …)
> 300 health care institutions (hospitals, rest homes, nursing homes, …)
sickness funds
public institutions
  – federal level (Federal Public Service for Public Health, National Institute for Health Insurance, Belgian Health Care Knowledge Centre, …)
  – regional level
5 Expectations in the social sector
effective social protection
effective support of social policy
effective fraud prevention and detection
integrated services
  – attuned to the concrete situation of the citizens and companies, and personalized when possible
  – delivered at the occasion of events that occur during their life cycle (birth, going to school, starting to work, move, illness, retirement, starting up a company, …)
  – across government levels, public services and private bodies
  – attuned to their own processes
  – if possible, granted automatically
6 Expectations in the health sector
optimal quality of health care
optimal patient safety
adequate support of health policy
patient centric care and empowerment of the patient
integrated services
  – multidisciplinary
  – holistic
  – continuous
  – across health care institutions and health care providers
remote care (monitoring, assistance, consultation, diagnosis, operation, …), among others home care
quickly evolving knowledge => need for reliable, coordinated knowledge management and accessibility
7 Common expectations in both sectors
electronic services
  – with minimal costs and minimal administrative burden
  – with active participation of the user (self service)
  – well performing and user-friendly
  – reliable, secure and permanently available
  – accessible via a channel chosen by the user (direct contact, phone, PC, …)
  – with adequate information security and privacy protection
8 The solution in the social sector
creation in 1990 of the Crossroads Bank for Social Security as a coordinator and service integrator, with co-operative governance
no central data storage
a network between all 3,000 social sector actors with a secure connection to the internet, the federal MAN, regional extranets, extranets between local authorities and the Belgian interbanking network
a unique identification key
  – for every citizen, electronically readable from an electronic social security card and an electronic identity card
  – for every company
  – for every establishment of a company
9 The solution in the social sector
an agreed division of tasks between the actors within and outside the social sector with regard to collection, validation and management of information and with regard to electronic storage of information in authentic sources
210 electronic services for mutual information exchange amongst actors in the social sector, defined after process optimization
  – nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished
  – in 2008, 686 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges
10 The solution in the social sector
42 electronic services for employers, either based on the electronic exchange of structured messages or via an integrated portal site
  – 50 social security declaration forms for employers have been abolished
  – in the remaining 30 (electronic) declaration forms the number of headings has on average been reduced to a third of the previous number
  – declarations are limited to 4 events
    – immediate declaration of recruitment (only electronically)
    – immediate declaration of discharge (only electronically)
    – quarterly declaration of salary and working time (only electronically)
    – occurrence of a social risk (electronically or on paper)
  – in 2008, 23 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application
11 The solution in the social sector
electronic services for citizens
  – maximal automatic granting of benefits based on electronic information exchange between actors in the social sector
  – 8 electronic services via an integrated portal
    – 3 services to apply for social benefits
    – 6 services for consultation of social benefits
  – about 30 new electronic services are foreseen
an integrated portal site containing
  – electronic transactions for citizens, employers and professionals
  – simulation environments
  – information about the entire social security system
  – harmonized instructions and information model relating to all electronic transactions
  – a personal page for each citizen, each company and each professional
12 The solution in the social sector
an integrated multimodal contact centre supported by a customer relationship management tool
a data warehouse containing statistical information with regard to the labor market and all branches of social security
13 The solution in the social sector
reference directory
  – directory of available services/information
    – which information/services are available at any actor depending on the capacity in which a person/company is registered at each actor
  – directory of authorized users and applications
    – list of users and applications
    – definition of authentication means and rules
    – definition of authorization profiles: which kind of information/service can be accessed, in what situation and for what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service
  – directory of data subjects
    – which persons/companies have personal files at which actors for which periods of time, and in which capacity they are registered
  – subscription table
    – which users/applications want to automatically receive what information/services in which situations for which persons/companies in which capacity
14 The solution in the health sector
creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to develop a vision and a strategy for effective, efficient and secure electronic services and information exchange in health care, with respect for privacy protection and in close cooperation with the various public and private actors in the health care sector
  – to establish useful ICT-related functional and technical norms, standards, specifications and basic architecture for using ICT in order to support this vision and strategy
  – to check whether software packages for managing electronic health records comply with the established ICT-related functional and technical norms, standards and specifications, as well as to register those software packages
15 The solution in the health sector
creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to create, to manage and to develop a cooperation platform for secure electronic data exchange with useful basic services (see hereafter)
  – to agree on a distribution of tasks with regard to the collection, the validation, the storage and the availability of data exchanged over the cooperation platform and on the quality norms which those data have to meet, and to verify whether the quality norms are met
  – to promote and to coordinate the realization of programs and projects which reflect the vision and strategy and use the cooperation platform and/or its basic services
16 The solution in the health sector
creation in 2008 of the eHealth platform as a coordinator and service integrator, with co-operative governance and with the following legal assignments
  – to manage and to coordinate ICT-related aspects of data exchange with regard to electronic health records and electronic care prescriptions
  – to act as an independent trusted third party (TTP) for coding and anonymizing personal health care data for certain organizations, listed in the law, in order to support scientific research and policy making
  – to conduct the necessary changes in order to execute the vision and strategy
  – to organize the cooperation with other public services in charge of the coordination of electronic service delivery
17 The solution in the health sector
no central data storage
a well secured virtual private network based on the internet with end-to-end encryption of personal data between all 100,000 health care actors
a unique identification key
  – for every citizen, electronically readable from an electronic social security card and an electronic identity card
  – for every health care provider
  – for every health care institution
multidisciplinary, high quality electronic patient records
care pathways
18 The solution in the health sector
basic services offered by the eHealth platform on its own ICT infrastructure
  – orchestration of electronic subprocesses
  – portal environment including a content management system and a search engine
  – integrated user and access management
  – logging
  – system for end-to-end encryption
  – personal electronic mailbox for each health care provider
  – time stamping
  – coding and anonymizing for certain organizations, listed by the law
  – reference directory (what, about whom, where – no content!)
19 The solution in the health sector
[architecture diagram: users (patients, health care providers and institutions) reach added value services (AVS) such as the eHealth portal, health care institution software, health care provider software, MyCareNet and the INAMI site; the AVS use the basic services of the eHealth platform over the network, which draw on validated authentic sources (VAS) kept by suppliers]
20 The solution in the health sector
basic service
  – a service developed and made available by the eHealth platform, which can be used by an added value service provider for developing and offering an added value service
added value service (AVS)
  – a service put at the disposal of the patients and/or the health care providers
  – the entity that develops and offers an added value service can use the basic services offered by the eHealth platform for this purpose
validated authentic source (VAS)
  – a database with information used by the eHealth platform
  – the administrator of the database is responsible for the availability and (the organization of) the quality of the information made available
21 Towards a network of service integrators
[network diagram: three service integrators, FEDICT (federal level, over FEDMAN and the internet), CBSS (extranet of the social sector) and the regional integrators Corve, Easi-Wal, CIRB, … (extranets of the regions or communities, VPN, Publilink, VERA, …), each with its own services repository, connecting the FPS, ASS and RPS services and the city, province and municipality services]
22 Advantages
gains in efficiency
  – in terms of cost: services are delivered at a lower total cost due to
    – a unique information collection using a common information model and administrative instructions
    – less need to re-encode information, by stimulating electronic information exchange
    – a drastic reduction of the number of contacts between actors in the social and health sector on the one hand and companies or citizens on the other
    – a functional task sharing concerning information management, information validation and application development
    – a minimal administrative burden
    – a connection to one electronic platform is sufficient for using several applications
  – according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of about 1.7 billion € for the companies
23 Advantages
gains in efficiency
  – in terms of quantity: more services are delivered
    – services are available at any time, from anywhere and from several devices
    – services are delivered in an integrated way according to the logic of the customer
  – in terms of speed: the services are delivered in less time
    – benefits can be allocated quicker because information is available faster
    – waiting and travel time is reduced
    – companies and citizens can directly interact with the competent actors in the social or health sector with real time feedback
24 Advantages
gains in effectiveness: better social protection, higher quality of health care and higher patient safety
  – in terms of quality: same services at same total cost in same time, but to a higher quality standard
  – in terms of type of services: new types of services, e.g.
    – automated granting of benefits
    – active search of non-take-up using data warehousing techniques
    – controlled management of own personal information
    – personalized simulation environments
    – easier referring between health care providers/institutions
  – in terms of support of professionals in executing their profession
better support of social and health policy
more efficient combating of fraud
25 Strategic importance of IAM
reliable exchange of personal data requires sufficient certainty about the identity of the data subjects
adequate access control requires sufficient certainty about
  – the identity of the users
  – the authentication of the identity of the users
  – the verification of certain characteristics of the users
  – the verification of certain relationships between the users and the data subjects
  – the verification of certain mandates of the users
26 IAM: objectives to be reached
be able to (electronically)
  – identify all relevant entities (physical persons, companies, applications, machines, …)
  – know the relevant characteristics of the entities
  – know the relevant relationships between entities
  – know that an entity has been mandated by another entity to perform a legal action
  – know the authorizations of the entities
in a sufficiently certain and secure way
in as many relations as possible (C2C, C2B, C2G, B2B, B2G, …)
using open interoperability standards
27 Conceptual framework
entity
  – someone or something that has to be identified
  – e.g. a physical person, a company, a computer application, …
attribute
  – a piece of information about an entity
identity
  – a number or a set of attributes of an entity that allows one to know precisely who or what the entity is
  – an entity has only one identity, but this identity can be determined by several numbers or sets of attributes
28 Conceptual framework
characteristic
  – an attribute of an entity, other than an attribute determining its identity
  – an entity can have several characteristics
  – e.g. a capacity, a function, a professional qualification, …
relationship
  – a link between two or more entities
  – an entity can have several relationships
  – e.g. a therapeutic relationship between a health care provider and a patient
29 Conceptual framework
mandate
  – a right granted by an identified entity to another identified entity to perform well-defined legal actions in her name and for her account
  – an entity can have several mandates
registration
  – the process of determining the identity, a characteristic, a relationship or a mandate of an entity with sufficient certainty
  – performed before the means by which the identity can be authenticated, or the characteristic, the relationship or the mandate can be verified, are made available
30 Conceptual framework
authentication of the identity
  – the process of checking whether the identity that an entity claims to have corresponds to its real identity
  – authentication of the identity can be done based on the verification of
    – knowledge (e.g. a password)
    – possession (e.g. an electronic card)
    – biometric characteristics
    – a combination of those
31 Conceptual framework
verification of a characteristic, a relationship or a mandate
  – the process of checking whether a characteristic, a relationship or a mandate that an entity claims to have corresponds to a real characteristic, relationship or mandate of that entity
  – the verification of a characteristic, a relationship or a mandate can be done
    – by the same kind of means as those used for the authentication of the identity, or
    – after the authentication of the identity, by consulting a database that contains information about characteristics, relationships or mandates related to identified entities
32 Conceptual framework
authorization
  – a permission to an entity to perform a defined action or to use a defined service
authorization group
  – a group of authorizations
role
  – a group of authorizations or authorization groups related to a specific service
role based access
  – a method of assigning authorizations to entities by means of authorization groups and roles, in order to simplify the management of authorizations and their assignment to entities
33 Choices made in Belgium
identification number for every citizen and every company
  – characteristics
    – unicity
      – one entity – one identification number
      – the same identification number is not assigned to several entities
    – exhaustivity
      – every entity to be identified has an identification number
    – stability through time
      – the identification number should not contain variable characteristics of the identified entity
      – the identification number should not contain references to the identification number or characteristics of other entities
      – the identification number should not change when a quality or characteristic of the identified entity changes
34 Choices made in Belgium
art. 8(7) Directive 95/46/EC: "Member States shall determine the conditions under which a national identification number or any other identifier of general application may be processed"
  – evolution towards meaningless identification numbers
  – unique identification numbers of citizens can only be used by instances authorized by a Sectoral Committee of the National Privacy Commission
  – regulation on interconnection of personal data
registration of the identity of citizens by the municipalities
registration of the identity of companies by company counters
35 Choices made in Belgium
registration of characteristics, relationships and mandates relevant for eGovernment by private or public bodies designated by government
authentication of the identity of physical persons by the electronic identity card
verification of characteristics, relationships and mandates relevant for eGovernment preferably by consulting authentic databases
multifunctional use of authentication and verification means
authorization is the responsibility of each service provider
implementation based on a policy enforcement model
36 Policy Enforcement Model
[diagram: the user's action on the application is intercepted by the Policy Enforcement Point (PEP), which sends a decision request to the Policy Decision Point (PDP); the PDP retrieves policies from the Policy Administration Point (PAP, whose policy repository is maintained by a manager through policy management) and sends information requests to Policy Information Points (PIP), each backed by an authentic source; the decision reply results in the action on the application being PERMITTED or DENIED]
37 Policy Enforcement Point (PEP)
intercepts the request for authorization with all available information about the user, the requested action, the resources and the environment
passes on the request for authorization to the Policy Decision Point (PDP) and extracts a decision regarding authorization
grants access to the application and provides relevant credentials
[diagram: user – action on application – PEP – decision request / decision reply – PDP; action on application PERMITTED or DENIED]
38 Policy Decision Point (PDP)
based on the request for authorization received, retrieves the appropriate authorization policy from the Policy Administration Point(s) (PAP)
evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP)
takes the authorization decision (permit/deny/not applicable) and sends it to the PEP
[diagram: PEP – decision request / decision reply – PDP; the PDP retrieves policies from the PAP and exchanges information requests and replies with the PIPs]
39 Policy Administration Point (PAP)
environment to store and manage authorization policies by authorized person(s) appointed by the application managers
puts authorization policies at the disposal of the PDP
[diagram: manager – policy management – PAP with policy repository; the PDP retrieves policies from the PAP]
40 Policy Information Point (PIP)
puts information at the disposal of the PDP in order to evaluate authorization policies (authentic sources with characteristics, relationships, mandates, etc.)
[diagram: the PDP exchanges information requests and replies with PIP1 and PIP2, each backed by an authentic source]
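The policy enforcement model of slides 36 to 40 and the role based access definitions of slide 32, carried through as an added Python example (not code of the eHealth platform, the CBSS or the Kephas PAP). Every user id, patient id, role, authorization, policy and authentic-source record is constructed for the illustration; the decision is taken on a characteristic (role), a relationship (therapeutic relationship) and a mandate, exactly the three kinds of attributes the PIPs are described as serving.

```python
"""Toy policy enforcement model (PEP / PDP / PAP / PIP) with role based access.
Added illustration, not eHealth platform or CBSS code: every user id, patient id,
role, authorization, policy and authentic-source record below is constructed."""
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "permit", "deny", "not_applicable"

# Role based access (slide 32): authorizations -> authorization groups -> roles.
AUTHORIZATION_GROUPS = {"care_record_reader": {"read_record"},
                        "prescriber": {"read_record", "write_prescription"}}
ROLES = {"physician": {"prescriber"}, "home_nurse": {"care_record_reader"},
         "employer_clerk": set()}  # constructed social-sector role, no clinical rights


def authorizations_for(roles: set) -> set:
    """Resolve the roles of an entity into its individual authorizations."""
    granted = set()
    for role in roles:
        for group in ROLES.get(role, set()):
            granted |= AUTHORIZATION_GROUPS[group]
    return granted


@dataclass
class Request:  # what the PEP forwards to the PDP: authenticated user, action, resource
    user_id: str
    action: str
    resource: str  # "patient_record:<patient id>"


class PIP:
    """Policy Information Point: read-only view on one authentic source."""
    def __init__(self, source: dict):
        self.source = source
    def lookup(self, entity_id: str) -> set:
        return self.source.get(entity_id, set())


# Constructed authentic sources keyed by user id: roles, therapeutic relationships, mandates.
ROLE_PROVIDER = PIP({"u-physician-1": {"physician"}, "u-nurse-1": {"home_nurse"},
                     "u-clerk-1": {"employer_clerk"}})
THERAPEUTIC_RELATIONS = PIP({"u-physician-1": {"p-1001"}, "u-nurse-1": {"p-1002"}})
MANDATES = PIP({"u-parent-1": {"p-1003"}})  # e.g. a parent acting for a child


@dataclass
class Policy:
    target_actions: frozenset
    resource_prefix: str
    rule: object  # callable(Request, attrs) -> PERMIT / DENY / NOT_APPLICABLE


def clinical_access_rule(req: Request, attrs: dict) -> str:
    """Permit when the role carries the authorization AND a therapeutic relationship
    with the patient exists, or when a mandate holder reads the record."""
    patient = req.resource.split(":", 1)[1]
    if req.action in authorizations_for(attrs["roles"]) and patient in attrs["patients"]:
        return PERMIT
    if req.action == "read_record" and patient in attrs["mandates"]:
        return PERMIT
    return DENY


class PAP:
    """Policy Administration Point: the policy repository kept by application managers."""
    def __init__(self):
        self.repository = []
    def manage(self, policy: Policy) -> None:
        self.repository.append(policy)
    def retrieve(self, req: Request) -> list:
        return [p for p in self.repository if req.action in p.target_actions
                and req.resource.startswith(p.resource_prefix)]


class PDP:
    """Policy Decision Point: policies from the PAP, attributes from the PIPs."""
    def __init__(self, pap: PAP, pips: dict):
        self.pap, self.pips = pap, pips
    def decide(self, req: Request) -> str:
        policies = self.pap.retrieve(req)
        if not policies:
            return NOT_APPLICABLE  # no policy covers this action on this resource
        attrs = {name: pip.lookup(req.user_id) for name, pip in self.pips.items()}
        decisions = {p.rule(req, attrs) for p in policies}
        if DENY in decisions:  # deny-overrides when several policies apply
            return DENY
        return PERMIT if PERMIT in decisions else NOT_APPLICABLE


class PEP:
    """Policy Enforcement Point: intercepts the call, asks the PDP, logs the outcome."""
    def __init__(self, pdp: PDP):
        self.pdp, self.log = pdp, []
    def access(self, user_id: str, action: str, resource: str) -> bool:
        decision = self.pdp.decide(Request(user_id, action, resource))
        self.log.append((user_id, action, resource, decision))  # kept to trace abuse later
        return decision == PERMIT  # deny and not_applicable both fail closed


def build_pep() -> PEP:
    """Wire one policy into a PAP, the authentic sources into PIPs, and return the PEP."""
    pap = PAP()
    pap.manage(Policy(frozenset({"read_record", "write_prescription"}),
                      "patient_record:", clinical_access_rule))
    pips = {"roles": ROLE_PROVIDER, "patients": THERAPEUTIC_RELATIONS, "mandates": MANDATES}
    return PEP(PDP(pap, pips))
```

An action with no covering policy comes back as not applicable rather than deny, and the PEP blocks it all the same; the log records every decision, permitted or not, which is the basis for the after-the-fact tracing described in the information security slides.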
41 Global architecture
[diagram: the same architecture instantiated three times, for the eHealth platform, the social sector (CBSS) and the non-social federal public services (Fedict): user – authentication – PEP with role mapper – applications (WebApp XYZ); the PEP asks a PDP with a role provider; policies come from the PAP "Kephas" with its role mapper DB and role provider DB; attribute providers (PIP) draw on the authentic sources (UMAF, Management VAS, DB XYZ, DB Mandates, …)]
42 Electronic identity card (eID)
aims to enable Belgian citizens
  – to identify themselves (electronically)
  – to electronically authenticate their identity towards diverse applications
  – and to put digital signatures
validity period of 5 years, extended to 10 years for elderly people
43 Electronic identity card (eID)
from a visual point of view the electronic identity card contains
  – the name
  – the first two Christian names
  – the first letter of the third Christian name
  – the nationality
  – the place and date of birth
  – the sex
  – the place of delivery of the card
  – the begin and end dates of the validity of the card
  – the denomination and number of the card
  – the photo of the holder
  – the signature of the holder
  – the identification number of the National Register
44 Electronic identity card (eID)
from an electronic point of view the chip of the electronic identity card contains the same information as printed on the card, supplemented with
  – the identity and signature keys
  – the identity and signature certificates
  – the accredited certification service provider
  – information necessary for authentication of the card and securing of the electronic data
  – the main residence of the holder
no other data than identification data
no encryption certificates
no electronic purse
no biometric data (yet)
45 No other data than identification data
why not?
  – preventing perception of the card as a big brother
  – preventing loss of data when the card is lost
  – preventing frequent updates of the card
stimulation of controlled access to data over networks, using the card as an access tool rather than storing data on the card
46 eID organization model
the government has chosen a card producer and a certification authority issuing the identity certificates as a result of a public call for tenders
the municipality calls the holder for the issuing of the electronic identity card
the municipality acts as registration authority for 2 certificates: authentication of the identity and electronic signature
2 key pairs are generated within the card at production time and the private keys are stored within the processor chip of the card
the 2 certificates are created by the certification authority, but published only when the holder agrees
47 eID organization model
the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder
the first authentication within one session (first private key) and every generation of an electronic signature (second private key) require the PIN code of the holder
the second private key and identity certificate on the electronic identity card can be used to generate a legally valid electronic signature
48 eID partners
49 National Register and CBSS Register
National Register
  – database managed by the Ministry of the Interior
  – containing identification data with regard to all people living in Belgium and registered within the municipal population registers
  – data are managed by the municipalities
CBSS register
  – database managed by the Crossroads Bank for Social Security
  – containing identification data with regard to all people that are not registered (anymore) within the National Register, but that are in relation with the Belgian public or social sector
  – subsidiary and complementary to the National Register
  – data are managed by the sickness funds
50 National Register and CBSS Register
content
  – unique identification key
  – name and Christian names
  – place and date of birth
  – place and date of death
  – sex
  – nationality
  – civil status
  – main residence
  – family composition (not in CBSS register)
  – profession (not in CBSS register)
51 Division of costs
population registers: municipalities
National Register: Ministry of the Interior
CBSS Register: Crossroads Bank for Social Security
eID: citizen (10 €)
52 International context: some issues
determination of the means by which an entity can be identified within each country and across countries
the way identity management on the one hand, and characteristics, relationships and mandates management on the other, are well separated in order to guarantee the multifunctional use of identity authentication means
the quality assurance criteria for the registration procedures that are used to determine the identity, relevant characteristics, relationships or mandates before linking them to authentication or verification means
53 International context: some issues
the quality assurance criteria for authentication and verification means and their use
an organizational, functional and technical interoperability framework to exchange identity, characteristics, relationships, mandates and authentication data based on open standards
the necessary legal framework for identity, characteristics, relationships and mandates management, with a good balance between trust enhancing measures and measures guaranteeing a free market
54 International context: proposed method
to work out a common conceptual framework, a common vision and common basic principles
to translate these principles into common, measurable objectives
to ask every state to develop an action plan to achieve these objectives
to elaborate an architecture and guidebooks to implement the principles
to create a forum for the exchange of best practices
55 Information security and privacy protection
overall policy on security and privacy protection for eGovernment
  – security, integrity and confidentiality of government information are ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
  – personal information is only used for purposes compatible with the purposes of the collection of the information
  – personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirements
56 Information security and privacy protection
overall policy on security and privacy protection for eGovernment
  – the authorizations for government bodies to communicate personal information to third parties are granted by Sectoral Committees of the Privacy Commission, designated by Parliament, after having checked whether the communication conditions (e.g. purpose limitation, proportionality) are met
  – the authorizations for communication are public
  – every concrete electronic communication of personal information by a government body is preventively checked on compliance with the existing authorizations by an independent institution managing the interoperability framework used for the communication
  – every concrete electronic communication of personal information by a government body is logged, to be able to trace possible abuse afterwards
57 Information security and privacy protection
overall policy on security and privacy protection for eGovernment
  – every time information is used to take a decision, the information used is communicated to the person concerned together with the decision
  – every person has the right to access and correct his own personal data
  – this system has been implemented in the Belgian social security sector for about 20 years and is being extended to the whole Belgian government sector
58 Information security and privacy protection
security, availability, integrity and confidentiality of information are ensured by integrated
  – institutional
  – legal
  – organizational
  – HR-related
  – technical
security measures according to agreed policies
59 Institutional measures
no central data storage
every actor has an information security officer with an advisory, stimulating, documentary and control task
specialized information security service providers have been recognized in order to support the information security officers
a working party on information security and privacy protection has been established
minimal information security and privacy protection standards are proposed by the working party on information security and privacy protection and are established by the competent Sectoral Committee
60 Institutional measures
every year, every actor has to report to the competent Sectoral Committee on compliance with the minimal information security and privacy protection standards
in case an actor doesn't meet the minimal information security and privacy protection standards, the competent Sectoral Committee can prohibit the actor from being connected to the system for electronic data exchange
61 Independent Sectoral Committees
established within the Privacy Commission
composed of
  – 2 members of the Privacy Commission
  – 4 independent domain specialists designated by Parliament
competences
  – supervision of information security
  – authorizing the information exchange
  – complaint handling
  – information security recommendations
  – extensive investigating powers
  – annual activity report
62 Legal measures
obligations of the actors as data controllers
  – principles relating to fair and lawful processing and data quality
  – information to be given to the data subject
  – confidentiality and security of processing
rights of the data subjects (i.e. the natural persons the personal data relate to)
  – right of privacy protection
  – right of information
  – right of access
  – right of rectification, erasure or blocking
  – right not to be subject to fully automated individual decisions
  – right of a judicial remedy
remedies, liability and sanctions
63 Fair and lawful processing and data quality
fair and lawful processing
collection only for specified, explicit and legitimate purposes
no further processing in a way incompatible with those purposes
personal data must be adequate, relevant and not excessive in relation to those purposes
personal data must be accurate and kept up to date
personal data must not be kept longer than necessary for those purposes in a form which permits the identification of the data subject
64 Fair and lawful processing and data quality
respect of additional protection measures related to sensitive data, i.e. data revealing or concerning
  – racial or ethnic origin
  – political opinions
  – religious or philosophical beliefs
  – trade union membership
  – health
  – sexual life
  – offences, criminal convictions or security measures
65 Confidentiality and security
no access to personal data is permitted except on instructions from the controller or if required by law
appropriate technical and organizational security measures
  – protection against
      – accidental or unlawful destruction
      – accidental loss
      – alteration
      – unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network
      – all other forms of unlawful processing
  – measures have to be appropriate to the risks represented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of their implementation
66 Confidentiality and security
where processing is carried out by an external processor
  – the controller has to choose a processor guaranteeing sufficient technical and organizational security measures
  – the controller must ensure compliance of the processing with the security measures
  – the carrying out of the processing must be governed by a written contract or legal act stipulating in particular that
      – the processor shall act only on instructions from the controller
      – the security obligations shall also be incumbent on the processor
67 Remedies, liability and sanctions
remedies
  – administrative remedies, inter alia before the Sectoral Committee
  – judicial remedies
  – for any breach of the rights guaranteed by the national law applicable
liability
  – right to compensation from the controller for the damage suffered as a result of an unlawful processing operation, unless the controller proves not to be responsible for the event giving rise to the damage
sanctions
  – penal sanctions
  – prohibition from processing personal data
68 Organizational, HR-related & technical measures
risk assessment
security policies
governance and organization of information security
inventory and classification of information
human resources security
physical and environmental security
management of communication and service processes
processing of personal data
access control
acquisition, development and maintenance of information systems
information security incident management
business continuity management
compliance: internal and external control
communication to the public of the policies concerning security and the protection of privacy
69 More information
website Crossroads Bank for Social Security
  – http://www.ksz.fgov.be
website eHealth platform
  – https://www.ehealth.fgov.be
personal website Frank Robben
  – http://www.law.kuleuven.be/icri/frobben
70 Th@nk you ! Any questions ?