- In: Cloud
- Leave a Comment
For those of you who are looking for overview of what different Cloud service providers offers,here is the link which gives snapshot of it.
http://www.planforcloud.com/pages/resources/cloud_services.html
EU Directive 95/46/EC
Posted on: January 31, 2013
For one of our prospect, I was searching for information, regulations on EU directive where prospect is interested in going in for public/private cloud option, I searched, searched & here is round-up of what I find. If anyone has any other information, keep pouring your thoughts in comments..
EU Directive 95/46/EC (link) : http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
EU Directive regulates the processing of personal data within the European Union (including Norway) talks about
- Personal data are defined as “any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;”
- The notion processing means “any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;”
Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processed
Data processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data Controller
Data subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)
The data protection rules are applicable not only when the controller is established within the EU, but whenever the controller uses equipment situated within the EU in order to process data. Controllers from outside the EU, processing data in the EU, will have to follow data protection regulation. In principle, any online business trading with EU citizens would process some personal data and would be using equipment in the EU to process the data (i.e. the customer’s computer). As a consequence, the website operator would have to comply with the European data protection rules.
Third countries is the term used in EU legislation to designate countries outside the European Union. Personal data may only be transferred to third countries if that country provides an adequate level of protection. Some exceptions to this rule are provided, for instance when the controller himself can guarantee that the recipient will comply with the data protection rules.
Third countires as referred by EU directive http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm#h2-1
If you’re US company:
The Working Party negotiated with U.S. representatives about the protection of personal data, the Safe Harbor Principles were the result.
Safe Harbor Certification: (US-EU) http://www.privacytrust.org/guidance/safe_harbor.html
Online application link : http://www.privacytrust.org/apply/index.html
• Standard fee for the certification application is US$450
• Certifications need to be renewed every year
The process of application for the PrivacyTrust Certification starts as soon as you complete the online application form and you can receive your certification in as little as 7 days.
If you’re inside/outside EU & not in third countries list (please refer link above):
Personal Data Act : http://www.ub.uio.no/ujur/ulovdata/lov-20000414-031-eng.pdf
According to personal data (please refer link above) act following are required
- Any application hosted inside/outside EU has to comply data protection rules, data processor has to notify processing of personal data to respective Data Protection Authority via the form provided below.
(Example Norwegian data protection authority) http://datatilsynet.no/Global/english/Notification_processing_personal_data.pdf
Notification shall be given not later than 30 days prior to commencement of processing.
- Data processor agreement (sec 13,15)
(Example Norwegian data protection authority)
o Guide : http://www.datatilsynet.no/Global/english/Databehandleravtaler_veil_okt2012_ENG.pdf
o Draft agreement : http://datatilsynet.no/English/Publications/Data-processor-agreements/
• A license from the Data Inspectorate is required for the processing of sensitive personal data(sec 31,33)
(Reuters) – Shares in Apple Inc dipped below $500 for the first time in almost one year after reports it is slashing orders for screens and other components as intensifying competition erodes demand for its latest iPhone. Japan's Nikkei reported on Monday that the world's largest technology corporation began sharply reducing buying of liquid crystal displays about a month ago from suppliers like Japan Display Inc and Sharp Corp. …
The Consumer Electronics Show – full of technological innovation, thousands of vendors vying to be the next big thing – and some of the craziest gadgets I’ve ever seen. Now there’s a fine line between crazy and brilliant, and sometimes it’s hard to tell the difference. So here are my top ten picks for craziest [...]
TORONTO (Reuters) – Shares of Research In Motion Ltd surged as much as 11 percent on Monday as the countdown toward the January 30 launch of its long-awaited BlackBerry 10 smartphones winds down and carrier support for the new line builds. RIM stock rose as high C$15.08 in early Nasdaq trading. Some analysts said a dearth of any major smartphone news at the Consumer Electronics Show in Las Vegas last week boded well for RIM as it inches closer toward unveiling the make-or-break new line. …
TORONTO (Reuters) – Forget bribery, intimidation and threats, a new app is designed to encourage children to do chores by turning the tasks into a game and giving them points when it is completed. The app called ChoreMonster, available for iOS devices and on the web, aims to make household chores, such as setting the table, feeding the pets or unloading the dishwasher, fun. “There are usually enough chores in a week to redeem some sort of reward,” said Chris Bergman, the founder and CEO of Cincinnati, Ohio-based company ChoreMonster. …
