Cyber Crime and Cyber Security Data Protection Implications and Financial Regulation Expectations
|
|
- Suzanna Lee
- 6 years ago
- Views:
Transcription
1 Cyber Crime and Cyber Security Data Protection Implications and Financial Regulation Expectations Denis Kelleher Senior Legal Counsel, Central Bank of Ireland Joern Dobberstein IT Risk Supervision, Central Bank of Ireland Michael Gubbins Detective Superintendent, Garda Cyber Crime Bureau, Garda Siochana Dublin, 19 September 2017
2 Minister Pat Breen Minister of State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection 2
3 Denis Kelleher (Chair) Senior Legal Counsel Central Bank of Ireland 3
4 Cyber Crime and Cyber Security: Data Protection Implications and Financial Regulation Expectations Denis Kelleher Senior Legal Counsel, Central Bank of Ireland Central Bank of Ireland - UNRESTRICTED
5 Today s agenda Time Speaker 9.15 Minister Pat Breen - Minister of State with special responsibility for Trade, Employment, Business, EU Digital Single Market and Data Protection 9.30 Denis Kelleher - Senior Legal Counsel, Central Bank of Ireland Michael Gubbins - Detective Superintendent, Garda Cyber Crime Bureau, Garda Siochana Questions Coffee break Joern Dobberstein - Inspections Manager, Banking Supervision Onsite Inspections, Central Bank of Ireland Denis Kelleher - Senior Legal Counsel, Central Bank of Ireland Questions Close Central Bank of Ireland - UNRESTRICTED
6 What I am going to talk about 1.Why care about cybercrime? 2.Discuss changes in the law that will: i. Improve protections; Criminal Justice (Offences Relating to Information Systems) Act 2017 ii. Enhance remedies The GDPR Central Bank of Ireland - UNRESTRICTED
7 We live in a connected world Rely on internet a lot more: 87% of households had access to the internet at home in % of those aged used smartphones to access the internet We use the internet to do more: 18% use it to buy/renew insurance 2% use it to buy or sell investments 2% use it to arrange credit Central Bank of Ireland - UNRESTRICTED
8 There are lots of data risks: Payments software failure prevented thousands getting paid HSBC August 2015 IT contractor plugging out power supply led to flights being cancelled Fire British Airways June 2017 Four Courts fire of 1922 destroyed census returns, wills and parish registers Mislaying documents in a car park AIB September 2017 Central Bank of Ireland - UNRESTRICTED
9 But governance failure is the biggest risk of all Ulster Bank June/July 2012 IT and governance failings by the Firm that resulted in approximately 600,000 customers being deprived of essential and basic banking services over a 28 day period failed to have robust governance arrangements in relation to its IT systems and controls IT failure also threatened confidence in the operation of the retail banking sector as it effectively prevented the Firm from participating in the process used to settle payments among banks Fined 3.5 million Central Bank of Ireland - UNRESTRICTED
10 Cybercrime is a particular risk Equifax Data on up to 143 million Americans stolen hackers accessed people s names, Social Security numbers, birth dates, addresses and, in some instances, driver s license numbers Alleged cause was failure to patch software Breach in mid-may Discovered in July Disclosed in this month 2 executives have now stepped down Bank of Bangladesh $81 million stolen by fake transfer orders Had sought $1 billion many orders were blocked or reversed 15 million recovered Remainder being laundered through casinos Central Bank of Ireland - UNRESTRICTED
11 What criminal laws do we have? Criminal Damage Act 1991 Offence of unauthorised access to data repealed by 2017 Act Criminal Justice (Theft and Fraud Offences) Act 2000 A person who dishonestly, whether within or outside the State, operates or causes to be operated a computer within the State with the intention of making a gain for himself or herself or another, or of causing loss to another, is guilty of an offence section 9 Making gain or causing loss by deception section 6 Obtaining services by deception section 7 Central Bank of Ireland - UNRESTRICTED
12 Criminal Justice (Offences Relating to Information Systems) Act 2017 Implements Directive 2013/40/EU on attacks against information systems Creates 5 new offences in sections: 2. Accessing information system without lawful authority, etc.; 3. Interference with information system without lawful authority; 4. Interference with data without lawful authority; 5. Intercepting transmission of data without lawful authority 6. Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5 Central Bank of Ireland - UNRESTRICTED
13 Definitions are simple data means any representation of facts, information or concepts in a form capable of being processed in an information system, and includes a programme capable of causing an information system to perform a function information system means (a) a device or group of interconnected or related devices, one or more than one of which performs automatic processing of data pursuant to a programme, and (b) data stored, processed, retrieved or transmitted by such a device or group of devices for the purposes of the operation, use, protection or maintenance of the device or group of devices, as the case may be; lawful authority, in relation to an information system, means (a) with the authority of the owner of the system, (b) with the authority of a right holder of the system, or (c) as permitted by law; Central Bank of Ireland - UNRESTRICTED
14 Accessing information system without lawful authority, A person who, without lawful authority or reasonable excuse, intentionally accesses an information system by infringing a security measure shall be guilty of an offence Central Bank of Ireland - UNRESTRICTED
15 Interference with information system without lawful authority A person who, without lawful authority, intentionally hinders or interrupts the functioning of an information system by a) inputting data on the system, b) transmitting, damaging, deleting, altering or suppressing, or causing the deterioration of, data on the system, or c) rendering data on the system inaccessible, shall be guilty of an offence. Central Bank of Ireland - UNRESTRICTED
16 Interference with data without lawful authority A person who, without lawful authority, intentionally deletes, damages, alters or suppresses, or renders inaccessible, or causes the deterioration of, data on an information system shall be guilty of an offence. Central Bank of Ireland - UNRESTRICTED
17 Intercepting transmission of data without lawful authority A person who, without lawful authority, intentionally intercepts any transmission (other than a public transmission) of data to, from or within an information system (including any electromagnetic emission from such an information system carrying such data), shall be guilty of an offence. Central Bank of Ireland - UNRESTRICTED
18 Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5 A person who, without lawful authority, intentionally produces, sells, procures for use, imports, distributes, or otherwise makes available, for the purpose of the commission of an offence under section 2, 3, 4 or 5 a) any computer programme that is primarily designed or adapted for use in connection with the commission of such an offence, or b) any device, computer password, unencryption key or code, or access code, or similar data, by which an information system is capable of being accessed, shall be guilty of an offence. Central Bank of Ireland - UNRESTRICTED
19 Penalties section 8 Fines & up to 5 years imprisonment for: 2. Accessing information system without lawful authority, etc.; 4. Interference with data without lawful authority; 5. Intercepting transmission of data without lawful authority 6. Use of computer programme, password, code or data for purposes of section 2, 3, 4 or 5 Fines & up to 10 years imprisonment for: 3. Interference with information system without lawful authority Section 8(4) a) Where a court is determining the sentence to be imposed on a person for an offence under section 3 or 4, the fact that the commission of the offence involved misusing the personal data of another person with the aim of gaining the trust of a third party, thereby causing prejudice to the rightful identity owner, shall be treated as an aggravating factor b) Accordingly, the court shall (except when there are exceptional circumstances ) impose a sentence that is greater than that which would have been imposed in the absence of such a factor c) The sentence imposed shall not be greater than the maximum sentence permissible Central Bank of Ireland - UNRESTRICTED
20 Greater risks: data protection GDPR will apply from 25 th May 2018 Provides subjects with a straight-forward mechanism for recovering damages following a data-breach Mechanism is contains a number of steps 1. Article (5)(1) creates principle of integrity and confidentiality. Personal data must be: processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. 2. Article 5(2) creates principle of accountability : The controller shall be responsible for, and be able to demonstrate compliance with (the above) Central Bank of Ireland - UNRESTRICTED
21 Duty to secure 1. Take into account the following: a) state of the art; b) costs of implementation; c) nature, scope, context and purposes of processing; d) risk of varying likelihood and severity for the rights and freedoms of natural persons. 2. Then controller and processor must: implement appropriate technical and organisational measures' 3. To: 'ensure a level of security appropriate to the risk. Article 32, GDPR Central Bank of Ireland - UNRESTRICTED 21
22 Appropriate measures a) the pseudonymisation and encryption of personal data; b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Central Bank of Ireland - UNRESTRICTED
23 Risk assessment In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller, unless he or she is required to do so by Union or Member State law. Central Bank of Ireland - UNRESTRICTED
24 4. GDPR forces controllers to admit they have failed In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons Central Bank of Ireland - UNRESTRICTED
25 4. Admission of Liability? When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay. The communication shall describe in clear and plain language the nature of the personal data breach Do not have to communicate if: a) measures were applied that render the personal data unintelligible to any person who is not authorised to access it, such as encryption b) controller taken subsequent measures to mitigate risk; or c) it would involve disproportionate effort. Central Bank of Ireland - UNRESTRICTED
26 but actions for damages will 'Any person who has suffered material or nonmaterial damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered. Article 82, GDPR Central Bank of Ireland - UNRESTRICTED 26
27 Class actions? The data subject shall have the right to mandate a not-for-profit body, organisation or association: 1. properly constituted in accordance with the law of a Member State 2. has statutory objectives which are in the public interest 3. is active in the field of the protection of data subjects' rights and freedoms to lodge the complaint and exercise the right to compensation on his or her behalf where provided for by Member State law. Article 80, GDPR But see: Persona Digital Telephony Ltd [2017] IESC 27 (23 May 2017) Central Bank of Ireland - UNRESTRICTED 27
28 Administrative fines 'Each supervisory authority shall ensure that the imposition of administrative fines shall in each individual case be effective, proportionate and dissuasive. Imposed in addition to or as alternative to corrective measures such as bans, rectification Take various factors into account: intentional or negligent character of the infringement; efforts to mitigate damage; history of controller/processor; did controller notify DPC? Central Bank of Ireland - UNRESTRICTED
29 Category 1 fines Up to 2% of global turnover or 10m in respect of the following breaches: 1. Obligations of controllers DPO, DPIA etc 2. Processing of children s data 3. Failure to effectively anonymise data 4. Breach of certification rules Central Bank of Ireland - UNRESTRICTED
30 Category 2 fines Up to 4% of global turnover or 20m in respect of the following breaches: 1. Basic principles of processing 2. Subject rights 3. Transfers outside EEA 4. Rules around processing in context of employment, by journalists, or FOI 5. Breach of a ban on processing Central Bank of Ireland - UNRESTRICTED
31 Thank you & Good Morning Central Bank of Ireland - UNRESTRICTED
32 Michael Gubbins Detective Superintendent Garda Cyber Crime Bureau An Garda Síochána Cyber Crime & Cyber threats in Ireland A Garda Perspective 32
33 On request of Michael Gubbins, his slides can not be shared with the audience. Apologies for any inconvenience caused 33
34 Questions 34
35 Coffee Break 35
36 Joern Dobberstein Inspections Manager Banking Supervision Onsite Inspections Central Bank of Ireland Cyber risk expectations for Irish-licensed banks 36
37 Cyber risk management expectations for Irish-licensed banks Joern Dobberstein
38 Agenda 1. Expectation for managing Cybersecurity risk 2. Practical examples of key expectations vs. identified weaknesses 3. Closure 38
39 1. Expectations for managing Cybersecurity risk The 2016 Cross Industry Guidance in respect to IT and Cybersecurity Risk The SSM on-site methodology for Cybersecurity management 39
40 1. Expectations for managing Cybersecurity risk Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks 1 Issued by the Central Bank in September expectations for Cybersecurity risk management Principle based
41 Expectations for managing Cybersecurity risk Key Messages for Industry (Cybersecurity) Cyber risk should be among the Board s top priorities Identify your crown jewels and adequately safeguard Participate in cyber information sharing networks Prepare for the worst Resilience and Contingency Planning Address the human factor 41
42 Human Error Source: 42
43 1. Expectations for managing Cybersecurity risk Two examples of expectations The firm notifies the Central Bank when it becomes aware of a cybersecurity incident that could have a significant and adverse effect on the firm s ability to provide adequate services to its customers, its reputation or financial condition Firms consider relevant good practices and internationally adopted frameworks for IT security risk management as may be appropriate for their firm. 43
44 1. Expectations for managing Cybersecurity risk SSM on-site methodology on Cybersecurity Aligned to NIST Framework for Cybersecurity
45 2. Expectations vs. Key Issues: Identify Effective IT governance framework IT risk management strategy IT risk assessment process Holistic IT risk register Holistic IT asset inventory or CMDB X No or poor IT Risk management frameworks, policies & procedures X No or poor IT risk appetite statements X Poor IT risk registers X Poor asset management and no holistic IT asset registers. No CMDBs. No inclusion of third parties. 45
46 2. Expectations vs. Key Issues: Protect Formal IT security policies, processes and procedures User Access Controls Protective technology & hardening Cybersecurity awareness training X IT Security documents are fragmented X No formal user recertification processes X Limited use of network segregation, vulnerability scanning or penetration testing X No formal IT security / Cybersecurity training 46
47 2. Expectations vs. Key Issues: Detect Process to detect Cybersecurity events in a timely manner Use of technology (SIEM) to detect IT security events Maintain and test the effectiveness of detective measures X Limited use of log file monitoring & analysis X Limited use anti-virus / malware X Poor distribution of IDS systems X Limited knowledge of IT assets X Limited testing of IT security technology 47
48 2. Expectations vs. Key Issues: Respond Processes to respond to a Cybersecurity incident in a timely and planned manner Containment of identified incidents Coordinate response communication X Response is not planned, rather follows IT incident path X Poor network segregation restricts capability of containment X No planned and coordinated communication for Cybersecurity incidents 48
49 2. Expectations vs. Key Issues: Recover Recovery processes and procedures that ensure a timely restoration of systems Define recovery time objectives (RTOs) and recovery point objectives (RPOs) Test of recovery processes Coordinated restoration activities with internal and external stakeholders X Outdated business impact assessments (BIA) X Poor business continuity plans (BCP) X External parties not included in recovery X No formal testing of BCPs 49
50 3. Closure 64% of all noted findings from on-site IT inspection fall into just three IT risk areas: IT Security (30%) IT Risk Management (19%) Business Continuity (15%) These three IT risk areas are fundamental for Cybersecurity management 50
51 3. Closure Robert Mueller (former FBI Director): There are only two types of companies: those that have been hacked, and those that will be. Attackers need to succeed only once; defenders have to be perfect every single time. 51
52 Thank you Joern Dobberstein, Inspections Manager, IT Risk Inspections, Banking Supervision, CBI 52
53 Denis Kelleher (Chair) Senior Legal Counsel Central Bank of Ireland 53
54 Cyber Crime and Cyber Security: Data Protection Implications and Financial Regulation Expectations Denis Kelleher Senior Legal Counsel, Central Bank of Ireland Central Bank of Ireland - UNRESTRICTED
55 What I will talk about now: New rules on: Evidence Jurisdiction; and New functions of the State under Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Central Bank of Ireland - UNRESTRICTED 55
56 Passwords & encryption 2014: A computer science student accused of hacking offences has been jailed for six months for failing to hand over his encryption passwords, which he had been urged to do in "the interests of national security" The international director of the campaign group Cage has pleaded not guilty to a terror offence after refusing to give police the passcode to his mobile phone at Heathrow airport last year Trial starts next Monday San Bernadino - Apple Central Bank of Ireland - UNRESTRICTED 56
57 Passwords - Criminal Justice Act 2011 Section 15 For the purposes of the investigation of a relevant offence, a member of the Garda Síochána may apply to a judge of the District Court for an order under this section in relation to a) the making available by a person of any particular documents or documents of a particular description, or b) the provision by a person of particular information by answering questions or making a statement containing the information, Or both Central Bank of Ireland - UNRESTRICTED 57
58 Criminal Justice Act 2011 section 15 District Judge may make an order where: a) there are reasonable grounds for suspecting that a person has possession or control of particular documents or documents of a particular description, b) there are reasonable grounds for believing that the documents are relevant to the investigation of the relevant offence concerned c) there are reasonable grounds for suspecting that the documents (or some of them) may constitute evidence of or relating to the commission of that offence, and d) there are reasonable grounds for believing that the documents should be produced or that access to them should be given, having regard to the benefit likely to accrue to the investigation and any other relevant circumstances, Central Bank of Ireland - UNRESTRICTED 58
59 Criminal Justice Act 2011 section 15 District Judge may order that the person: produce the documents to a member of the Garda Síochána give such a member access to them, Where the documents concerned are not in legible form, an order under this section shall have effect as an order a) to give to a member of the Garda Síochána any password necessary to make the documents legible and comprehensible b) otherwise to enable the member of the Garda Síochána to examine the documents in a form in which they are legible and comprehensible, or c) to produce the documents to the member of the Garda Síochána in a form in which they can be removed and in which they are, or can be made, legible and comprehensible. Central Bank of Ireland - UNRESTRICTED 59
60 Criminal Justice Act section 15 It is an offence not to comply with such an order without reasonable excuse Punishable by a fine and up to 2 years imprisonment It is similarly an offence for: who, in purported compliance with an order under this section provides information or makes a statement which is false or misleading in a material particular knowing it to be so false or misleading, or being reckless as to whether it is so Central Bank of Ireland - UNRESTRICTED 60
61 Criminal Justice Act 2011 section 17 Concealing facts disclosed by documents Any person who a) knows or suspects that an investigation by the Garda Síochána into a relevant offence is being or is likely to be carried out, and b) falsifies, conceals, destroys or otherwise disposes of a document or record which he or she knows or suspects is or would be relevant to the investigation or causes or permits its falsification, concealment, destruction or disposal Shall be guilty of an offence Punishable by a fine and up to 5 years imprisonment Central Bank of Ireland - UNRESTRICTED 61
62 Criminal Justice Act 2011 section 17 Withholding of information: A person shall be guilty of an offence if he or she has information which he or she knows or believes might be of material assistance in a) A person shall be guilty of an offence if he or she has information which he or she knows or believes might be of material assistance in b) securing the apprehension, prosecution or conviction of any other person for a relevant offence, and fails without reasonable excuse to disclose that information as soon as it is practicable to do so to a member of the Garda Síochána Punishable by a fine and up to 5 years imprisonment Central Bank of Ireland - UNRESTRICTED 62
63 Cyber-crime is a global phenomenon Wannacry Part of NSA suite of cyber-tools that were leaked on stolen Microsoft released a security patch for the vulnerabilities in March Not everyone applied this (legacy systems) Attack affected 150 countries, affecting 200,000 computers, Victims included: Global companies (FedEx, Nissan) China (Colleges & petrol stations) Germany (Deutsche Bahn) Russia (Central Bank, interior Ministry, railways, communications) UK (NHS) Central Bank of Ireland - UNRESTRICTED 63
64 Marcus Hutchins Wannacry stopped by Marcus Hutchins Found kill-switch in the UK Was then arrested in USA by the FBI over his alleged involvement in separate malicious software targeting bank accounts Originated in: North Korea? China? Central Bank of Ireland - UNRESTRICTED 64
65 Criminal Justice (Offences Relating to Information Systems) Act 2017 Jurisdiction - Act applies to: a) by the person in the State in relation to an information system outside the State b) by the person outside the State in relation to an information system in the State c) by the person outside the State in relation to an information system outside the State if that person is: an Irish citizen; a person ordinarily resident in the State; a body corporate established under the law of the State; A company formed or established pursuant to the Companies Act 2016 In addition the action complained of must be an offence both there and here ordinarily resident means he or she has had his or her principal residence in the State for the period of 12 months immediately preceding the alleged commission of the relevant offence Central Bank of Ireland - UNRESTRICTED
66 GDPR - Jurisdiction GDPR: applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or b) the monitoring of their behaviour as far as their behaviour takes place within the Union. Central Bank of Ireland - UNRESTRICTED 66
67 Directive (EU) 2016/ security of network and information systems across the EU National strategy on the security of network and information systems Article 7, published in 2015 Require the establishment of Computer security incident response teams (CSIRTs) Co-operation group CSIRTs network Central Bank of Ireland - UNRESTRICTED 67
68 Notifications Article 14: Member States shall ensure that operators of essential services take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in their operations. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed Member States shall ensure that operators of essential services take appropriate measures to prevent and minimise the impact of incidents affecting the security of the network and information systems used for the provision of such essential services, with a view to ensuring the continuity of those services Member States shall ensure that operators of essential services notify, without undue delay, the competent authority or the CSIRT of incidents having a significant impact on the continuity of the essential services they provide. Notification shall not make the notifying party subject to increased liability Central Bank of Ireland - UNRESTRICTED 68
69 Security requirements Article 16 Member States shall ensure that digital service providers identify and take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems which they use in the context of offering services Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed Take into account the following: a) the security of systems and facilities b) incident handling; c) business continuity management; d) monitoring, auditing and testing; e) compliance with international standards Central Bank of Ireland - UNRESTRICTED 69
70 Security requirements Article 16 Member States shall ensure that operators of essential services notify, without undue delay, the competent authority or the CSIRT of incidents having a significant impact on the continuity of the essential services they provide. Notifications shall include information enabling the competent authority or the CSIRT to determine any cross-border impact of the incident. Notification shall not make the notifying party subject to increased liability. Central Bank of Ireland - UNRESTRICTED 70
71 Questions 71
72 Thank you 72
Analysis of Directive 2013/40/EU on attacks against information systems in the context of approximation of law at the European level
Analysis of Directive 2013/40/EU on attacks against information systems in the context of approximation of law at the European level Lecturer Adrian Cristian MOISE, PhD. Postdoctoral researcher, Titu Maiorescu
More informationSUPPLIER DATA PROCESSING AGREEMENT
SUPPLIER DATA PROCESSING AGREEMENT This Data Protection Agreement ("Agreement"), dated ("Agreement Effective Date") forms part of the ("Principal Agreement") between: [Company name] (hereinafter referred
More informationDATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")
DATA PROCESSING AGREEMENT between [Customer] (the "Controller") and LINK Mobility (the "Processor") Controller Contact Information Name: Title: Address: Phone: Email: Processor Contact Information Name:
More informationFUJITSU Cloud Service K5: Data Protection Addendum
FUJITSU Cloud Service K5: Data Protection Addendum May 24, 2018 This Data Protection Addendum (the "Addendum") forms part of the FUJITSU Cloud Service K5: TERMS OF USE (the "Agreement") between the Customer
More informationData Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink
Between And The National Message Broker Service known as Healthlink THIS AGREEMENT is dated and made between: (1) , which has its principle administrative
More informationTelekom Austria Group Standard Data Processing Agreement
Telekom Austria Group Standard Data Processing Agreement This Agreement is entered into by and between: I. [TAG Company NAME], a company duly established and existing under the laws of [COUNTRY] with its
More informationREPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL
EUROPEAN COMMISSION Brussels, 13.9.2017 COM(2017) 474 final REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL assessing the extent to which the Member States have taken the necessary
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More informationDIRECTIVE 2014/57/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on criminal sanctions for market abuse (market abuse directive)
12.6.2014 Official Journal of the European Union L 173/179 DIRECTIVE 2014/57/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 April 2014 on criminal sanctions for market abuse (market abuse directive)
More information16 March Purpose & Introduction
Factsheet on the key issues relating to the relationship between the proposed eprivacy Regulation (epr) and the General Data Protection Regulation (GDPR) 1. Purpose & Introduction As the eprivacy Regulation
More informationREGULATION (EU) 2016/679 General Data Protection Regulation
REGULATION (EU) 2016/679 General Data Protection Regulation An overview to the new legal data protection requirements impacting on all businesses trading within the EU John Greenwood Compliance3 June 2016
More informationSTATUTORY INSTRUMENTS. S.I. No. 110 of 2019
STATUTORY INSTRUMENTS. S.I. No. 110 of 2019 EUROPEAN UNION (ANTI-MONEY LAUNDERING: BENEFICIAL OWNERSHIP OF CORPORATE ENTITIES) REGULATIONS 2019 2 [110] S.I. No. 110 of 2019 European Union (Anti-Money Laundering:
More informationLegal Supplement Part C to the Trinidad and Tobago Gazette, Vol. 56, No. 52, 18th May, 2017
Legal Supplement Part C to the Trinidad and Tobago Gazette, Vol. 56, No. 52, 18th May, 2017 No. 15 of 2017 Second Session Eleventh Parliament Republic of Trinidad and Tobago HOUSE OF REPRESENTATIVES BILL
More informationOTrack Data Processing Terms
BACKGROUND These Personal Data Processing Terms (the Agreement ) are entered into between Optimum Records Limited ( Optimum ) and the school using the services provided by Optimum (the School ) whose details
More informationT-CY Guidance Note #8 SPAM
www.coe.int/tcy Strasbourg, 3 December 2014 T-CY(2014)20 Cybercrime Convention Committee (T-CY) T-CY Guidance Note #8 SPAM Adopted by the 12 th Plenary of the T-CY (2-3 December 2014) Contact Alexander
More informationA Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner
A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key
More informationTHE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum
THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen
More informationIntroduction. The highly anticipated text of the Irish Data Protection Bill 2018 has been published.
Key points of the recently published Data Protection Bill February 2018 00 Introduction The highly anticipated text of the Irish Data Protection Bill 2018 has been published. The Bill supplements and gives
More informationEUROPEAN UNION. Brussels, 4 April 2014 (OR. en) 2011/0297 (COD) PE-CONS 8/14 DROIPEN 1 EF 6 ECOFIN 21 CODEC 47
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 4 April 2014 (OR. en) 2011/0297 (COD) PE-CONS 8/14 DROIP 1 EF 6 ECOFIN 21 CODEC 47 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DIRECTIVE OF
More informationIreland passes Data Protection Act 2018 GDPR. Key provisions and amendments
The Irish Data Protection Act 2018 was signed into law on 24 May 2018, to coincide with the coming into effect of the GDPR. The Act implements derogations permitted under the GDPR and represents a major
More informationData Processing Addendum
Data Processing Addendum The parties conclude this Data Processing Addendum ( DPA ), which forms part of the Agreement between Customer and Licensor ( Epignosis ), to reflect our agreement about the Processing
More informationData Protection Act 1998
Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.
More informationData Protection Bill [HL]
[AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this
More informationThe Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017
The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental Mauritius Resort,
More informationAPPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:
APPENDIX THE EQUIPMENT INTERFERENCE REGIME 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes: (a) (b) (c) (d) the Intelligence
More informationKENYA GAZETTE SUPPLEMENT
SPECIAL ISSUE Kciivci Gazette Supplement No. 91 (National A.scenthIv BilLs No. 29) $ REPUBLIC OF KENYA KENYA GAZETTE SUPPLEMENT NATIONAL ASSEMBLY BILLS, 2017 NAIROBI, 13th June, 2017 CONTENT Hill for Introduction
More informationSECTION 59, CRIMINAL JUSTICE (THEFT AND FRAUD OFFENCES) ACT, 2001
SECTION 59, CRIMINAL JUSTICE (THEFT AND FRAUD OFFENCES) ACT, 2001 This Memorandum has been prepared by the Consultative Committee of Accountancy Bodies Ireland ( CCAB-I ) to alert members of the profession
More informationNEW YORK IDENTITY THEFT RANKING BY STATE: Rank 6, Complaints Per 100,000 Population, Complaints (2007) Updated January 25, 2009
NEW YORK IDENTITY THEFT RANKING BY STATE: Rank 6, 100.1 Complaints Per 100,000 Population, 19319 Complaints (2007) Updated January 25, 2009 Current Laws: A person is guilty of identity theft when he knowingly
More informationData Protection Bill [HL]
[AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE
More informationMC/15/89 Anti-Fraud Policy and Fraud Response Action Plan
Methodist Council Anti Fraud Policy and Fraud Response Action Plan MC/15/89 Contact Name and Details Status of Paper Action Required Resolution Nick Moore, Head of Support Services, mooren@methodistchurch.org.uk
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT PARTIES This agreement between has been concluded on.. by and between HotSpot System Ltd. a company registered in Hungary under company number 01-09883187 whose registered office
More informationCYBERCRIMES AND CYBERSECURITY BILL
REPUBLIC OF SOUTH AFRICA CYBERCRIMES AND CYBERSECURITY BILL (As introduced in the National Assembly (proposed section 75); explanatory summary of Bill published in Government Gazette No. 40487 of 9 December
More informationThe Convention on Cybercrime: A framework for legislation and international cooperation for countries of the Americas
www.coe.int/cybercrime The Convention on Cybercrime: A framework for legislation and international cooperation for countries of the Americas Workshop on cybercrime legislation (Bogota, 3-5 Sep 2008) Alexander
More informationPROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family
More informationEUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COP 200 TELECOM 151 CODEC 1206 OC 981 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DIRECTIVE
More informationAttachment 1. Commission Decision C(2010)593 Standard Contractual Clauses (processors)
Attachment 1 Commission Decision C(2010)593 Standard Contractual Clauses (processors) For the transfer of Personal Data to processors established in third countries which do not ensure an adequate level
More informationCoordinated text from 10 August 2011 Version applicable from 1 September 2011
Coordinated text of the Act of 30 May 2005 - laying down specific provisions for the protection of persons with regard to the processing of personal data in the electronic communications sector and - amending
More informationIrish Government Publishes Data Protection Bill 2018
Irish Government Publishes Data Protection Bill 2018 The Government has published the eagerly awaited Data Protection Bill 2018. The Bill incorporates Ireland s national implementing measures required
More informationAppendix 1 Data Processing Agreement
Appendix 1 Data Processing Agreement Except as modified below, the terms of the Agreement shall remain in full force and effect. The Agreement and this DPA are connected and cannot be terminated separately.
More informationAnnex - Summary of GDPR derogations in the Data Protection Bill
Annex - Summary of GDPR derogations in the Data Protection Bill The majority of the provisions in the General Data Protection Regulation (GDPR) will automatically become UK law on 25 May 2018. However,
More informationDATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and
DATA PROCESSING AGREEMENT BETWEEN: (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and (2) Moodle Pty Ltd being a company registered within Australia
More informationEuropean Data Protection Supervisor Your personal information and the EU administration: What are your rights?
European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed
More informationTECHNOLOGY AND DATA PRIVACY. Investigative Powers of the Data Protection Commissioner. by Peter Bolger, Jeanne Kelly
TECHNOLOGY AND DATA PRIVACY Investigative Powers of the Data Protection Commissioner by Peter Bolger, Jeanne Kelly Investigative Powers of the Data Protection Commissioner 18th September 2017 by Peter
More informationINVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC CODE OF PRACTICE Preliminary draft code: This document is circulated by the Home Office in advance of enactment of the RIP Bill as an indication
More informationProcessor Agreement SURF Model Agreement
Processor Agreement SURF Model Agreement Utrecht, 18 November 2016 Version: 1.1 About this publication Processor Agreement SURF Model Agreement SURF P.O. Box 19035 NL-3501 DA Utrecht T +31 88 787 30 00
More informationGDPR. EU General Data Protection Regulation. ebook Version 1.2
GDPR EU General Data Protection Regulation ebook Version 1.2 Table of Contents Introduction... 6 The GDPR... 6 Source... 6 Objective... 6 Restrictions... 6 Versions... 6 Feedback... 6 CHAPTER I - General
More informationEUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection
EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection Commission Decision C(2010)593 Standard Contractual Clauses (processors)
More informationEVIDENCE ON THE DATA PROTECTION BILL. For the House of Commons Public Bill Committee by Open Rights Group and Chris Pounder
EVIDENCE ON THE DATA PROTECTION BILL For the House of Commons Public Bill Committee by Open Rights Group and Chris Pounder March 2018 Open Rights Group is a digital rights campaigning organisation. Campaigning
More information5418/16 AV/NT/vm DGD 2
Council of the European Union Brussels, 6 April 2016 (OR. en) Interinstitutional File: 2012/0010 (COD) 5418/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DATAPROTECT 1 JAI 37 DAPIX 8 FREMP 3 COMIX 36
More informationProject on Cybercrime
Project on Cybercrime www.coe.int/cybercrime Version January 2010 Cybercrime legislation country profile MALAYSIA This profile has been prepared within the framework of the Council of Europe s capacity
More informationUTAH IDENTITY THEFT RANKING BY STATE: Rank 31, 57.8 Complaints Per 100,000 Population, 1529 Complaints (2007) Updated December 30, 2008
UTAH IDENTITY THEFT RANKING BY STATE: Rank 31, 57.8 Complaints Per 100,000 Population, 1529 Complaints (2007) Updated December 30, 2008 Current Laws: A person is guilty of identity fraud when that person:
More informationCumulative Identity Theft Statutes Updated as of July 26, 2011
State Bill Number Summary Adopted AL SB 68 Classifies all instances of identity theft as Class C felonies and extends the statute of limitations to seven years. AZ SB 1045 Adds to the list of offenses
More informationPE-CONS 71/1/15 REV 1 EN
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 27 April 2016 (OR. en) 2011/0023 (COD) LEX 1670 PE-CONS 71/1/15 REV 1 GVAL 81 AVIATION 164 DATAPROTECT 233 FOPOL 417 CODEC 1698 DIRECTIVE OF THE
More informationPlease contact the UOB Call Centre at (toll free if calls are made from within Singapore) if you need any assistance.
Terms and Conditions of UOB estatement Services This document sets out the general terms and conditions which will apply to the estatement Services we provide to you. These terms and conditions are binding
More informationPERSONAL DATA PROCESSING AGREEMENT
PERSONAL DATA PROCESSING AGREEMENT between the following parties: 1. Name:............... Registration number / VAT ID:... Address:... Signed by:... Signature:... (hereinafter as Controller ) and 2. Name:
More informationAn Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018
An Bille um Chosaint Sonraí, 18 Data Protection Bill 18 Mar a ritheadh ag Seanad Éireann As passed by Seanad Éireann [No. b of 18] AN BILLE UM CHOSAINT SONRAÍ, 18 DATA PROTECTION BILL 18 Mar a ritheadh
More informationData Protection Policy. Malta Gaming Authority
Data Protection Policy Malta Gaming Authority Contents 1 Purpose and Scope... 3 2 Data Protection Officer... 3 3 Principles for Processing Personal Data... 3 3.1 Lawfulness, Fairness and Transparency...
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationPROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016
1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About
More informationELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, ACT NO. 25 OF 2002 [ASSENTED TO 31 JULY 2002] [DATE OF COMMENCEMENT: 30 AUGUST 2002]
REVISION No.: 0 Page 1 of 17 ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, ACT NO. 25 OF 2002 [ASSENTED TO 31 JULY 2002] [DATE OF COMMENCEMENT: 30 AUGUST 2002] To provide for the facilitation and regulation
More informationReporting Obligations 2. Recorded online. September /10/2017 ACCA Ireland ACCA
Reporting Obligations 2 Recorded online September 2017 1 16/10/2017 ACCA Ireland 1 Reporting Obligations 2 2 Reporting Obligations Auditor only S392, Companies Act 2014 Section 393, Companies Act 2014
More informationTHE COMPUTER MISUSE ACT, Arrangement of Sections PART I PRELIMINARY PART II OFFENCES
THE COMPUTER MISUSE ACT, 2000 Arrangement of Sections PART I Section 1. Short title PRELIMINARY 2. Interpretation PART II OFFENCES 3. Unauthorised access to computer program or data 4. Access with intent
More informationGuidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679
17/EN WP 253 Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679 Adopted on 3 October 2017 This Working Party was set up under Article 29 of Directive
More informationPurchasing Terms and Conditions
CONDITIONS OF BUSINESS 1. DEFINITIONS 1.1 In these Conditions: "BELBIN" means BELBIN Associates, 3-4 Bennell Court, Comberton, Cambridge CB23 7EN. UK [493 2224 49] ; Consumer means a consumer within the
More informationRegulation of Investigatory Powers Bill
Regulation of Investigatory Powers Bill EXPLANATORY NOTES Explanatory Notes to the Bill, prepared by the Home Office, will be published separately as Bill. EUROPEAN CONVENTION ON HUMAN RIGHTS Mr Secretary
More informationELECTION OFFENCES ACT
LAWS OF KENYA ELECTION OFFENCES ACT NO. 37 OF 2016 Revised Edition 2017 Published by the National Council for Law Reporting with the Authority of the Attorney-General www.kenyalaw.org [Rev. 2017] No.
More informationCode of Practice Issued Under Section 377A of the Proceeds of Crime Act 2002
Code of Practice Issued Under Section 377A of the Proceeds of Crime Act 2002 Presented to Parliament under section 377A(4) of the Proceeds of Crime Act 2002 Code of Practice Issued Under Section 377A
More informationSections 14, 14A, 14B, and 14C - Criminal Assets Bureau Acts 1996 and 2005
Sections 14, 14A, 14B, and 14C - Criminal Assets Bureau Acts 1996 and 2005 Summary: It is by virtue of section 14 of the Criminal Assets Bureau Acts 1996 and 2005 1, that the Criminal Assets Bureau (CAB)
More informationNumber 3 of 2012 ENERGY (MISCELLANEOUS PROVISIONS) ACT 2012 ARRANGEMENT OF SECTIONS. PART 1 Preliminary and General
Number 3 of 2012 ENERGY (MISCELLANEOUS PROVISIONS) ACT 2012 ARRANGEMENT OF SECTIONS PART 1 Preliminary and General Section 1. Short title and commencement. 2. Definitions. PART 2 Miscellaneous Amendments
More informationAnnex 1: Standard Contractual Clauses (processors)
Annex 1: Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure
More informationCounter-Terrorism COUNTER-TERRORISM ACT Act. No Commencement (LN. 2010/083) Assent Relevant current provisions
COUNTER-TERRORISM ACT 2010 Principal Act Act. No. Commencement (LN. 2010/083) 29.4.2010 Assent 24.3.2010 Amending enactments Relevant current provisions Commencement date English sources: None cited EU
More informationCustomer Data Annual Privacy Agreement
Customer Data Annual Privacy Agreement Capita Children s Services, a trading name of Capita Business Services Ltd, is serious about the privacy of your data. This Agreement relates to written consent for
More informationAnti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group
Anti-Fraud, Bribery and Corruption Response Policy 2018 Telford and Wrekin Clinical Commissioning Group The Anti-Fraud, Bribery and Corruption Policy for Telford and Wrekin Clinical Commissioning Group
More informationLegislative Brief The Information Technology (Amendment) Bill, 2006
Legislative Brief The Information Technology (Amendment) Bill, 2006 Highlights of the Bill The Bill was introduced in the Lok Sabha on 15 th December, 2006 and referred to the Standing Committee on Information
More informationFirst Session Tenth Parliament Republic of Trinidad and Tobago REPUBLIC OF TRINIDAD AND TOBAGO. Act No. 11 of 2010
First Session Tenth Parliament Republic of Trinidad and Tobago REPUBLIC OF TRINIDAD AND TOBAGO Act No. 11 of 2010 [L.S.] AN ACT to provide for and about the interception of communications, the acquisition
More informationProject on Cybercrime
Project on Cybercrime www.coe.int/cybercrime Version 28 March 2008 [Reformat in March 2011] Cybercrime legislation country profile HONG KONG, Special Administrative Region of People s Republic of China
More informationAct No. 502 of 23 May 2018
Act No. 502 of 23 May 2018 This version has been translated for the Danish Ministry of Justice. The official version was published in Lovtidende (the Law Gazette) on 24 May 2018. Only the Danish version
More informationConsolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.
More informationOBJECTS AND REASONS. Arrangement of Sections PART I. Preliminary PART II. Licensing Requirements for International Service Providers
1 OBJECTS AND REASONS This Bill would provide for the regulation of the providers of international corporate and trust services and for related matters. Section 1. Short title. 2. Interpretation. 3. Application
More informationRegulation of Investigatory Powers Act 2000
ch2300a00a 01-08-00 22:01:07 ACTA Unit: paga RA Proof 20.7.2000 Regulation of Investigatory Powers Act 2000 CHAPTER 23 ARRANGEMENT OF SECTIONS Part I Communications Chapter I Interception Unlawful and
More information1 HB By Representative Williams (P) 4 RFD: Technology and Research. 5 First Read: 13-FEB-18. Page 0
1 HB410 2 191614-1 3 By Representative Williams (P) 4 RFD: Technology and Research 5 First Read: 13-FEB-18 Page 0 1 191614-1:n:02/13/2018:CMH*/bm LSA2018-168 2 3 4 5 6 7 8 SYNOPSIS: This bill would create
More informationAn Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018
An Bille um Chosaint Sonraí, 18 Data Protection Bill 18 Mar a tionscnaíodh As initiated [No. of 18] AN BILLE UM CHOSAINT SONRAÍ, 18 DATA PROTECTION BILL 18 Mar a tionscnaíodh As initiated CONTENTS Section
More informationRegulation of Interception of Act 18 Communications Act 2010
ACTS SUPPLEMENT No. 7 3rd September, 2010. ACTS SUPPLEMENT to The Uganda Gazette No. 53 Volume CIII dated 3rd September, 2010. Printed by UPPC, Entebbe, by Order of the Government. Regulation of Interception
More informationUnofficial Translation
Unofficial Translation COMPUTER-RELATED CRIME ACT B.E. 2550 (2007) BHUMIBOL ADULYADEJ, REX. Given on the 10 th of June B.E. 2550; Being the 62 nd Year of the Present Reign. His Majesty King Bhumibol Adulyadej
More informationBetween. address (which you used when signing the Main Contract with Shore) - the "Principal" - and
Data protection and data security regulation for commission-based relationships according to Section 11 of the German Federal Data Protection Act (BDSG) Between (1) Name or company Street and house number
More informationSCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...
More informationENFORCEMENT GUIDE STATEMENT OF PRINCIPLES & GUIDANCE ON THE EXERCISE OF ENFORCEMENT POWERS. September
ENFORCEMENT GUIDE September 2018 STATEMENT OF PRINCIPLES & GUIDANCE ON THE EXERCISE OF ENFORCEMENT POWERS - 1 - GLOSSARY OF TERMS AML/ATF Anti-Money Laundering & Anti-Terrorist Financing The AML/ATF The
More informationData Protection Act 1998 Policy
Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document
More informationMEMORANDUM OF UNDERSTANDING
MEMORANDUM OF UNDERSTANDING between Risk and Intelligence Service Gateway Exchange Team and NHS Protect (England) and NHS Counter Fraud Services (Wales) The Parties (1) Gateway Exchange Team, CEI Cardiff,
More informationCode of Practice - Conduct of Officers of NAMA
Code of Practice - Conduct of Officers of NAMA This Code of Practice was approved by the Minister for Finance on 6 th July 2017 NATIONAL ASSET MANAGEMENT AGENCY Code of Practice and Professional Conduct
More informationAnti-Fraud, Bribery and Corruption Policy
Anti-Fraud, Bribery and Corruption Policy Anti-Fraud, Bribery and Corruption Policy Version 2 Approved by: Audit and Risk Committee Approved date: 22 May 2017 1.0 Introduction 1.1 Optivo is committed to
More informationGeneral Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...
More informationcloser look at Rights & remedies
A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.
More informationProposal for a COUNCIL FRAMEWORK DECISION. on attacks against information systems. (presented by the Commission)
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 19.04.2002 COM(2002) 173 final 2002/0086 (CNS) Proposal for a COUNCIL FRAMEWORK DECISION on attacks against information systems (presented by the Commission)
More informationArticle 1. Federal Data Protection Act (BDSG)
Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680 (DSAnpUG-EU) of 30 June 2017 The Bundestag has adopted the following Act with the approval of the Bundesrat:
More informationNumber 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018
Number 5 of 2018 Vehicle Registration Data Number 5 of 2018 VEHICLE REGISTRATION DATA (AUTOMATED SEARCHING AND EXCHANGE) ACT 2018 Section 1. Interpretation CONTENTS 2. National contact point in State
More informationTM2/TM3 Online Terms and Conditions
TM2/TM3 Online Terms and Conditions All Users of services provided by BLUE ZINC IT LTD, by use of such services, accept the terms of business set out in the form of service agreement which follows, irrespective
More informationData Protection Bill, House of Lords second reading Information Commissioner s briefing
Data Protection Bill, House of Lords second reading Information Commissioner s briefing Introduction... 2 Overview... 2 Derogations... 4 Commissioner s part-by- part commentary on the Bill... 5 Part one:
More informationTEXTS ADOPTED Provisional edition
European Parliament 2014-2019 TEXTS ADOPTED Provisional edition P8_TA-PROV(2018)0339 Countering money laundering by criminal law ***I European Parliament legislative resolution of 12 September 2018 on
More informationPurpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2
Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction
More information