Global Privacy Considerations

Privacy - Global Considerations - Copyright Doug Knehr Esq.

Click on the link above for a condensed view of my research and expertise in Global Privacy Considerations, covering the following areas:

Notice
Choice & Consent: access to review; opt-in or opt-out
Management and administration: define, document and communicate the privacy policies and procedures, assign accountability for them, and monitor them
Data Subject Access
Rights: Consent and Choice

Comprehensive - Europe
Sectoral - United States and Japan
Co-regulatory and self-regulatory - Australia
Canada
General Laws –

Sectors of privacy and data protection laws
Healthcare
Financial sector
Telecommunication sector
Online privacy
Public-sector
Human resources
Smart grid information
Direct Marketing
Safeguards
Administrative policies and procedures for the organization (see p. 24 for the exhibit on responsible management processes for data privacy compliance)
Technical safeguards such as passwords and authentication
Physical safeguards

Information lifecycle Principles
Collection
Use
Disclosure & Transfer
Storage and destruction

Information security
Management and Administration
There are three key attributes: confidentiality, integrity and availability
Controls on Information
Security controls: the actual processes used to ensure the security of an information system
Information security is the protection of information from unauthorized access, use and disclosure, while information privacy concerns the rules for the collection and handling of personal information
See the privacy versus security exhibit at page 78
Security Requirement Sources
Program
Human resources information security
Physical and environmental information security
Intrusion detection and prevention
Perimeter controls to safeguard entire network environments from outside penetration
Security monitoring of IDS, IPS and other perimeter controls through analysis of the log files or reports generated by software applications
External threat management
Incident management and data breach notification
Monitoring and compliance

Online Security
Confidentiality
Integrity
Availability
Web User Authentication
Online privacy
Web infrastructure
Privacy considerations for online information

Fair information practices
1973 US Department of Health, Education and Welfare Fair Information Practice Principles
OECD - 1980 Organisation for Economic Co-operation and Development Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (the OECD Guidelines)
1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (the CoE Convention), codified in 1995 under the EU Data Protection Directive
Asia-Pacific Economic Cooperation (APEC)
European Union 1995
2009 Madrid Resolution: International Standards on the Protection of Personal Data and Privacy
Shared categories of all FIPs
Middle East - few PI laws, but Israel deemed adequate
Africa
Privacy risk assessments
Privacy notice
Policy vs Notice
Policy
Notice
Information assets of an organization
Privacy Classes
Roles
Data Protection Authority
Data Controller
data processor
Data subject

Copyright

Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP (Training)

Doug@DougKnehr.com

609-635-2226