Landscape
Frequently Asked Questions
Preface
As the world becomes increasingly connected, it is critical to view information security and privacy not merely as IT issues, but also as essential business priorities. Security threats, vulnerabilities and privacy exposures challenge every organization today, creating risks that must be controlled and managed. Often organizations do not know what risks they face or how they will manage these risks. If managed properly, recognized leadership in handling personally identifiable information and driving personalized service can be a differentiator to consumers and partners and become a driver of business growth.
With this in mind, Pillsbury Winthrop Shaw Pittman LLP and Protiviti Inc. have pooled their areas of expertise to co-author The Global Privacy and Information Security Landscape: Frequently Asked Questions. Pillsbury provides legal overviews and insight regarding current laws and regulations, and Protiviti offers guidance to implement and maintain an effective privacy and information security program from an operational perspective.
Information security and privacy are global concerns, and thus there are many laws and regulations in countries around the world designed to protect or limit the rights of individuals and businesses. This FAQ guide discusses key laws and regulations, including the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Fair Credit Reporting Act, the European Union General DP Directive and the Electronic Communications Privacy Act. Among the many topics addressed are privacy trends, security breaches, privacy programs, international laws and guidance for victims of identity theft. Note that the topics discussed in the first seven sections of this guide are based primarily on U.S. requirements and industry standards, although many of the principles and leading practices considered therein may
The following key definitions have been taken from Directives 95/46/EC, 2002/21/EC and 2006/24/EC and are used throughout this document:
• EEA State – A state that is a contracting party to the Agreement on the European Economic Area signed at Oporto on May 2, 1992, as adjusted by the Protocol signed at Brussels on March 17, 1993.