Privacy and Security in the Information Age Conference, Melbourne, Australia
August 16, 2001
The United States Government’s Approach to Privacy: The EU Directive and the Safe Harbor Framework
Patricia M. Sefcik
U.S. Department of Commerce

Privacy in Europe and the U.S.
The European privacy system is based on comprehensive legislation.
The U.S. privacy system is based on self-regulation and sector-specific legislation in highly sensitive areas such as financial, medical, children’s and genetic information.

Historical Overview: Safe Harbor
OCTOBER 1998
– EU’s sweeping privacy directive went into effect
JULY 2000
– Safe Harbor principles are deemed adequate
NOVEMBER 1, 2000
– Safe Harbor becomes effective
– DOC launches safe harbor website
http://www.export.gov/safeharbor
JANUARY 4, 2001
– Official Department of Commerce roll-out
JANUARY-AUGUST, 2001
– Outreach events

Safe Harbor Implementation
What are the Benefits?
Who Can Join and How?
How and Where will Safe Harbor be Enforced?

The Safe Harbor Framework
• 7 Privacy Principles
• 15 FAQ’s
• European Commission’s adequacy determination
• Letters between U.S. Dept. of Commerce and the European Commission
• Letters from U.S. Dept. of Transportation and Federal Trade Commission

The 7 Safe Harbor Principles
1) Notice
2) Choice
3) Onward Transfer
4) Security
5) Data Integrity
6) Access
7) Enforcement

The Safe Harbor Principles
(1) NOTICE
• Inform individuals about the purpose for which the information is being collected.
• Inform individuals about how to contact the organizations with inquiries or complaints.
• Provide information on the types of third parties to which information is being disclosed, and the choices and means offered for limiting its use and disclosure.

The Safe Harbor Principles
(2) CHOICE
• An organization must offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party, or (b) to be used for a purpose that is incompatible with the purposes for which it was originally collected or subsequently authorized by the individual.
• Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.

The Safe Harbor Principles
CHOICE: Sensitive Information
For sensitive information (i.e. medical/health conditions; racial/ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; sex life), individuals must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized.

The Safe Harbor Principles
(3) ONWARD TRANSFER
• To disclose information to a third party, organizations must apply the notice and choice principles.
• Notice and Choice are not required for data transfers to an agent (someone who acts on behalf of the transferor) if it is first determined by the organization that the agent complies with the safe harbor principles, or is subject to the directive or another adequacy finding, or enters into a written agreement with the organization.

The Safe Harbor Principles
(4) SECURITY
• Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.
• Organizations must take more care to protect sensitive information, as it is defined in the principles.

The Safe Harbor Principles
(5) DATA INTEGRITY
• Personal information must be relevant for the purposes for which it is to be used. An organization may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.
• To the extent necessary for those purposes, an organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

The Safe Harbor Principles
(6) ACCESS
Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

The Safe Harbor Principles
(7) ENFORCEMENT
1. Follow-up procedures for verifying that safe harbor policies and mechanisms have been implemented;
2. Readily available and affordable independent recourse mechanisms to investigate and resolve complaints brought by individuals;
3. Obligations to remedy problems arising out of a failure by the organization to comply with the principles.

Other Ways To Comply With The Directive:
DIRECT COMPLIANCE WITH THE EU DIRECTIVE
CONSENT
ENTERING INTO A MODEL CONTRACT

Safe Harbor: Next Steps
Mid-Year Review
“Visual” Compliance
Financial Service Negotiations
DPA Visit
EU Directive Review

CONCLUSION
Additional resources are available on the safe harbor website
www.export.gov/safeharbor
• Safe Harbor List (updated regularly)
• Safe Harbor Workbook
• Safe Harbor Documents (including Principles, FAQ’s, correspondence)
• Historical Documents (including public comment)

Contact Information
Patricia Sefcik, Director
Office of Electronic Commerce
International Trade Administration
U.S. Department of Commerce
Room 2003
14th & Constitution Avenues, NW
Washington, DC 20230
Tel: (202) 482-0216
Fax: (202) 482-5522
E-Mail: patty_sefcik@ita.doc.gov

Mais conteúdo relacionado

Destaque

Ignite Jonesboro Jan24 Tim Oppenheim
Ignite Jonesboro Jan24   Tim OppenheimIgnite Jonesboro Jan24   Tim Oppenheim
Ignite Jonesboro Jan24 Tim OppenheimSteven Trotter
 
Device Classifications
Device ClassificationsDevice Classifications
Device Classificationsshawn230230
 
Guide Til Podcast På Den Lokalhistoriske Hjemmeside
Guide Til Podcast På Den Lokalhistoriske HjemmesideGuide Til Podcast På Den Lokalhistoriske Hjemmeside
Guide Til Podcast På Den Lokalhistoriske Hjemmesidedkarkiver
 
Ignite Jonesboro Jan24 Joseph Murphy
Ignite Jonesboro Jan24  Joseph MurphyIgnite Jonesboro Jan24  Joseph Murphy
Ignite Jonesboro Jan24 Joseph MurphySteven Trotter
 
Describing Distributions
Describing DistributionsDescribing Distributions
Describing Distributionsguestffe87d
 
It’s A Joke
It’s A JokeIt’s A Joke
It’s A Jokesarahlu7
 
Ignite Jonesboro Jan24 Steven Trotter
Ignite Jonesboro Jan24   Steven TrotterIgnite Jonesboro Jan24   Steven Trotter
Ignite Jonesboro Jan24 Steven TrotterSteven Trotter
 
JavaScript Test-Driven Development (TDD) with QUnit
JavaScript Test-Driven Development (TDD) with QUnitJavaScript Test-Driven Development (TDD) with QUnit
JavaScript Test-Driven Development (TDD) with QUnitTasanakorn Phaipool
 
Rwd設計 不是你想的那樣
Rwd設計 不是你想的那樣Rwd設計 不是你想的那樣
Rwd設計 不是你想的那樣Loren Hsu
 

Destaque (12)

Bariloche
BarilocheBariloche
Bariloche
 
I Heart Drupal
I Heart DrupalI Heart Drupal
I Heart Drupal
 
Ignite Jonesboro Jan24 Tim Oppenheim
Ignite Jonesboro Jan24   Tim OppenheimIgnite Jonesboro Jan24   Tim Oppenheim
Ignite Jonesboro Jan24 Tim Oppenheim
 
Device Classifications
Device ClassificationsDevice Classifications
Device Classifications
 
Guide Til Podcast På Den Lokalhistoriske Hjemmeside
Guide Til Podcast På Den Lokalhistoriske HjemmesideGuide Til Podcast På Den Lokalhistoriske Hjemmeside
Guide Til Podcast På Den Lokalhistoriske Hjemmeside
 
Ignite Jonesboro Jan24 Joseph Murphy
Ignite Jonesboro Jan24  Joseph MurphyIgnite Jonesboro Jan24  Joseph Murphy
Ignite Jonesboro Jan24 Joseph Murphy
 
Designer vs Developer
Designer vs DeveloperDesigner vs Developer
Designer vs Developer
 
Describing Distributions
Describing DistributionsDescribing Distributions
Describing Distributions
 
It’s A Joke
It’s A JokeIt’s A Joke
It’s A Joke
 
Ignite Jonesboro Jan24 Steven Trotter
Ignite Jonesboro Jan24   Steven TrotterIgnite Jonesboro Jan24   Steven Trotter
Ignite Jonesboro Jan24 Steven Trotter
 
JavaScript Test-Driven Development (TDD) with QUnit
JavaScript Test-Driven Development (TDD) with QUnitJavaScript Test-Driven Development (TDD) with QUnit
JavaScript Test-Driven Development (TDD) with QUnit
 
Rwd設計 不是你想的那樣
Rwd設計 不是你想的那樣Rwd設計 不是你想的那樣
Rwd設計 不是你想的那樣
 

Semelhante a 香港六合彩 » SlideShare

六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShareqsilytnc
 
香港六合彩
香港六合彩香港六合彩
香港六合彩racbhe
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩eqhnwl
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareyndadubf
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareuoemnumu
 
International Principles for Whistleblower Legislation 2013
International Principles for Whistleblower Legislation 2013International Principles for Whistleblower Legislation 2013
International Principles for Whistleblower Legislation 2013Miqui Mel
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02tinkusing
 
Overview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPOverview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPTrilateral Research
 
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT Health Informatics New Zealand
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippamaggie_Platt
 
Patient Confidentiality Training
Patient Confidentiality TrainingPatient Confidentiality Training
Patient Confidentiality Trainingkarenleach
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandHector Dominguez
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong若水 鲁
 
Media ethics, issues and controversies
Media ethics, issues and controversiesMedia ethics, issues and controversies
Media ethics, issues and controversiesawainaarbee
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian PresentationCityAge
 

Semelhante a 香港六合彩 » SlideShare (20)

六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare六合彩,香港六合彩 » SlideShare
六合彩,香港六合彩 » SlideShare
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
International Principles for Whistleblower Legislation 2013
International Principles for Whistleblower Legislation 2013International Principles for Whistleblower Legislation 2013
International Principles for Whistleblower Legislation 2013
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informatics
 
Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02
 
Overview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOPOverview of privacy and data protection considerations for DEVELOP
Overview of privacy and data protection considerations for DEVELOP
 
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT
Keep It Secret, Keep It Safe: Security and Privacy in 21st Century Health IT
 
LO1.pptx
LO1.pptxLO1.pptx
LO1.pptx
 
Presentation hippa
Presentation hippaPresentation hippa
Presentation hippa
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.ppt
 
Patient Confidentiality Training
Patient Confidentiality TrainingPatient Confidentiality Training
Patient Confidentiality Training
 
Privacy and data protection primer - City of Portland
Privacy and data protection primer - City of PortlandPrivacy and data protection primer - City of Portland
Privacy and data protection primer - City of Portland
 
Privacy Ordinance in Hong Kong
Privacy Ordinance in Hong KongPrivacy Ordinance in Hong Kong
Privacy Ordinance in Hong Kong
 
Media ethics, issues and controversies
Media ethics, issues and controversiesMedia ethics, issues and controversies
Media ethics, issues and controversies
 
Wk1 dq2
Wk1 dq2Wk1 dq2
Wk1 dq2
 
Wk1 dq2
Wk1 dq2Wk1 dq2
Wk1 dq2
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian Presentation
 

Último

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Último (20)

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

香港六合彩 » SlideShare

  • 1. Privacy and Security in the Information AgePrivacy and Security in the Information Age Conference, Melbourne, AustraliaConference, Melbourne, Australia August 16, 2001August 16, 2001 The United States Government’sThe United States Government’s Approach to Privacy:Approach to Privacy: The EU Directive and theThe EU Directive and the Safe Harbor FrameworkSafe Harbor Framework Patricia M. SefcikPatricia M. Sefcik U.S. Department of CommerceU.S. Department of Commerce
  • 2. 2 Privacy in Europe and the U.S.Privacy in Europe and the U.S. The European privacy system is basedThe European privacy system is based on comprehensive legislation.on comprehensive legislation. The U.S. privacy system is based onThe U.S. privacy system is based on self regulation and sector specificself regulation and sector specific legislation in highly sensitive areaslegislation in highly sensitive areas such as financial, medical, children’ssuch as financial, medical, children’s and genetic information.and genetic information.
  • 3. 3 Historical Overview: Safe HarborHistorical Overview: Safe Harbor OCTOBER 1998 – EU’s sweeping privacy directive went into effect JULY 2000 – Safe Harbor principles are deemed adequate NOVEMBER 1, 2000 – Safe Harbor becomes effective – DOC launches safe harbor website http://www.export.gov/safeharbor JANUARY 4, 2001 – Official Department of Commerce roll-out JANUARY-AUGUST, 2001 – Outreach events
  • 4. 4 Safe Harbor ImplementationSafe Harbor Implementation What are the Benefits?What are the Benefits? Who Can Join and How?Who Can Join and How? How and Where will Safe Harbor beHow and Where will Safe Harbor be Enforced?Enforced?
  • 5. 5 The Safe Harbor FrameworkThe Safe Harbor Framework • 7 Privacy Principles7 Privacy Principles • 15 FAQ’s15 FAQ’s • European Commission’s adequacyEuropean Commission’s adequacy determinationdetermination • Letters between U.S. Dept. ofLetters between U.S. Dept. of Commerce and the EuropeanCommerce and the European CommissionCommission • Letters from U.S. Dept. ofLetters from U.S. Dept. of Transportation and Federal TradeTransportation and Federal Trade CommissionCommission
  • 6. 6 The 7 Safe Harbor PrinciplesThe 7 Safe Harbor Principles 1)1) NoticeNotice 2)2) ChoiceChoice 3)3) Onward TransferOnward Transfer 4)4) SecuritySecurity 5)5) Data IntegrityData Integrity 6)6) AccessAccess 7)7) EnforcementEnforcement
  • 7. 7 The Safe Harbor PrinciplesThe Safe Harbor Principles (1) NOTICE(1) NOTICE  Inform individuals about the purpose for which theInform individuals about the purpose for which the information is being collected.information is being collected.  Inform individuals about how to contact theInform individuals about how to contact the organizations with inquiries or complaints.organizations with inquiries or complaints.  Provide information on the types of third parties toProvide information on the types of third parties to which information is being disclosed, and the choiceswhich information is being disclosed, and the choices and means offered for limiting its use and disclosure.and means offered for limiting its use and disclosure.
  • 8. 8 The Safe Harbor PrinciplesThe Safe Harbor Principles (2) CHOICE(2) CHOICE  An organization must offer individuals the opportunityAn organization must offer individuals the opportunity to choose (opt out) whether their personal informationto choose (opt out) whether their personal information is (a) to be disclosed to a third party, or (b) to be usedis (a) to be disclosed to a third party, or (b) to be used for a purpose that is incompatible with the purposesfor a purpose that is incompatible with the purposes for which it was originally collected or subsequentlyfor which it was originally collected or subsequently authorized by the individual.authorized by the individual.  Individuals must be provided with clear andIndividuals must be provided with clear and conspicuous, readily available, and affordableconspicuous, readily available, and affordable mechanisms to exercise choice.mechanisms to exercise choice.
  • 9. The Safe Harbor Principles: CHOICE: Sensitive Information
      For sensitive information (i.e. medical/health conditions; racial/ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; sex life), individuals must be given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized.
  • 10. The Safe Harbor Principles: (3) ONWARD TRANSFER
      – To disclose information to a third party, organizations must apply the notice and choice principles.
      – Notice and Choice are not required for data transfers to an agent (someone who acts on behalf of the transferor) if it is first determined by the organization that the agent complies with the safe harbor principles, or is subject to the directive or another adequacy finding, or enters into a written agreement with the organization.
  • 11. The Safe Harbor Principles: (4) SECURITY
      – Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction.
      – Organizations must take more care to protect sensitive information, as it is defined in the principles.
  • 12. The Safe Harbor Principles: (5) DATA INTEGRITY
      – Personal information must be relevant for the purposes for which it is to be used. An organization may not process personal information in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the individual.
      – To the extent necessary for those purposes, an organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
  • 13. The Safe Harbor Principles: (6) ACCESS
      Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.
  • 14. The Safe Harbor Principles: (7) ENFORCEMENT
      1. Follow-up procedures for verifying that safe harbor policies and mechanisms have been implemented;
      2. Readily available and affordable independent recourse mechanisms to investigate and resolve complaints brought by individuals;
      3. Obligations to remedy problems arising out of a failure by the organization to comply with the principles.
  • 15. Other Ways To Comply With The Directive:
      – Direct compliance with the EU Directive
      – Consent
      – Entering into a model contract
  • 16. Safe Harbor: Next Steps
      – Mid-Year Review
      – “Visual” Compliance
      – Financial Service Negotiations
      – DPA Visit
      – EU Directive Review
  • 17. CONCLUSION
      Additional resources are available on the safe harbor website www.export.gov/safeharbor
      – Safe Harbor List (updated regularly)
      – Safe Harbor Workbook
      – Safe Harbor Documents (including Principles, FAQ’s, correspondence)
      – Historical Documents (including public comment)
  • 18. Contact Information
      Patricia Sefcik, Director
      Office of Electronic Commerce
      International Trade Administration
      U.S. Department of Commerce
      Room 2003
      14th & Constitution Avenues, NW
      Washington, DC 20230
      Tel: (202) 482-0216
      Fax: (202) 482-5522
      E-Mail: patty_sefcik@ita.doc.gov

Editor's Notes

  1. The U.S. and the EU have very different approaches to data privacy protection.
  2. Implications of the EU directive: The EU directive prohibits the transfer of personal data to non-EU countries that do not provide “adequate” privacy protection. The EU directive covers all industry sectors and virtually all personal data. European authorities could legally stop data flows at any time. In 1999, the U.S. had approximately $350 billion in trade with the EU. Over $120 billion in two-way trade with the EU is dependent upon access to personal information. The U.S. and EU are committed to bridging different approaches to privacy while maintaining data flows and a high level of privacy protection.
  3. Benefits of implementing the safe harbor framework:
      – Predictability and continuity (all 15 Member States bound by adequacy determination)
      – Eliminates need for prior approval to begin data transfers
      – Flexible privacy regime more congenial to U.S. approach
      – Simpler/more efficient means of compliance
     What organizations may join safe harbor? U.S. organizations subject to the jurisdiction of the FTC or the Dept. of Transportation. Financial services (Treasury), telecommunications (FCC) (common carriers) and not-for-profits are currently ineligible.
     Who should join? Organizations that receive personally identifiable information from EU member states must demonstrate “adequate” privacy protections. Organizations that have not identified another basis for demonstrating “adequacy” should consider joining safe harbor. Please be aware that decisions by U.S. organizations to join the Safe Harbor are entirely voluntary.
     How may organizations join? Organizations may self-certify via the Department of Commerce’s safe harbor website http://www.export.gov/safeharbor or by sending the Department of Commerce a letter. Organizations must comply with the framework’s requirements and publicly declare (see Jeff on this point) that they do so. Once received, the information is reviewed for “completeness”. To be assured of safe harbor benefits, an organization needs to self-certify annually to the DOC.
     How and where will Safe Harbor be enforced? In general, enforcement will take place in the U.S., in accordance with U.S. law, and will rely, to a great extent, on private sector enforcement. If an organization persistently fails to comply with safe harbor requirements, it is no longer entitled to safe harbor benefits. Independent recourse mechanisms are required to notify DOC of such facts. The Safe Harbor list will indicate failure to comply. Failure to comply may also result in an enforcement action by the FTC or DoT. Both exercise their unfair and deceptive practice authority if the company doesn’t live up to its SH commitments.
  4. An organization entering the safe harbor must adhere to 7 privacy principles.
  5. Taking more care to protect sensitive info includes: heightened awareness, internal customized business models, and more secure servers. There is no joint led approach/request as to the “specifics” of this principle.
  6. The burden or expense is unreasonable due to the cost, logistics and resources. One cannot separate or extract data without compromising other data.
  7. ENFORCEMENT has three components: Verification, Dispute Resolution and Remedies. Organizations must have the following enforcement mechanisms in place:
     1. Verification
        An organization may use a self-assessment or an outside/third-party assessment program. Under self-assessment, a statement verifying the self-assessment should be signed by a corporate officer or other authorized representative at least once a year. Under outside assessment, a verification statement should be signed either by the reviewer or by the corporate officer/authorized representative at least once a year. 85% of the 80 firms do self assessment vs. third party assessments, which are noted on self certifying forms.
     2. Dispute Resolution
        Organizations may choose to have disputes resolved by third-party dispute resolution programs, or they may choose to cooperate with the European Data Protection Authorities (DPA’s).
        Third Party Dispute Resolution Programs:
          – TRUSTe
          – BBBOnLine
          – Direct Marketing Associations (DMA)
          – American Institute of Certified Public Accountants (AICPA)
          – Judicial Arbitration and Mediation Service (JAMS/Endispute)
          – WebTrust
          – Entertainment Software Rating Board
        There is a 50% split: SME’s usually go with DPA’s due to the cost ease and larger third party organizations go with 3rd party dispute resolution programs, noted on self certifying forms. In the case of human resources data, the organization must agree to cooperate with the DPA’s.
     3. Human Resources Data (see FAQ 9)
        Organizations transferring employee data from Europe to the U.S. must: 1) agree to cooperate with the EU DPAs for purposes of dispute resolution; and 2) comply with member state law regarding the use of information (i.e. processing requirements). Employers in the EU must comply with member state regulations and ensure that employees have access to such information. Organizations processing such data in the U.S. must provide access either directly or through the EU employer.
     4. Remedies
  8. The Safe Harbor is not the only means of complying with the EU adequacy requirement. Other means:
      – Direct compliance with the EU Directive
      – Consent
      – Entering into a Model Contract
     At the conclusion of the safe harbor negotiations in 2000, the EU began developing standard contractual provisions to be used as another means to comply with the Directive. On June 18 … ICC Proposal … Commerce is currently in the process of consulting with a broad range of stakeholders on how we should work with safe harbor, model contracts and other options to ensure efficient data transfers.
  9. Financial Service Negotiations: The Treasury Department, in consultation with DOC, is the lead negotiator concerning financial services. Treasury’s objective is to negotiate an adequacy determination from the European Commission for the Gramm-Leach-Bliley Act.
     EU Directive Review: According to an EU official there has been no standstill on enforcement. If data has been flowing to recipients in the U.S. in the absence of an adequacy finding, it is because the data protection directive provides for this in various ways (exceptions – article 26.1; contracts – art 26.2, etc). An adequacy finding is nevertheless desirable because it provides greater legal certainty and simplified procedures for data exporters and importers.