Archive

Posts Tagged ‘InfoSec Institute’

Transfer mechanisms of personal data from EU to third countries

January 8, 2013 2 comments

This Article explains the concept of transferring personal data from EU to third countries, what those third countries mean, the principles for making such transfers legitimate and the derogations from these principles, and last but not least, the transfer mechanisms of personal data to third countries.

Considering the legal requirements of the Directive 95/46/EC, Article 25
the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if… the third country in question ensures an adequate level of protection…this Article provides three legal mechanisms for such transfers:

-Standard Contractual Clauses – for single Organizations or entities

Binding Corporate Rulesfor multinational Organizations or entities

-Safe Harbor Agreement principles – for Organizations or entities located in the U.S.

The Article provides Organizations or entities with all current available mechanisms for data transfer from the European Union to third countries, regardless if those Organizations are independent-single entities or multinational ones.

This Article was written by Dan Manolescu. If interested, you could read the full Article published by InfoSec Institute here.

If you would like to find out more about InfoSec, you could visit this page here.

Dan Manolescu is now a frequent contributer for InfoSec Institute.

If you have any questions please contact us at: dan@e-crimeexpert.com

Advertisements

Privacy Impact Assessment (PIA)

January 2, 2013 2 comments

Happy New Year!

We are back with a fresh Article on Privacy Impact Assesment.

What is a Privacy Impact Assessment (PIA)?

Privacy Impact Assessment is a process to determine the impacts of a program, system, service, scheme, initiative, application, information system, policy or administrative practice, or database, called for the purpose of this article as “project,” on an individual’s privacy and the ways to mitigate or avoid any adverse effects (risks).

Conducting a PIA is a good business practice that should be considered in a similar way to financial, legal, operational, and IT practices prior to proceeding with a new project development.

This Article was written by Dan Manolescu. If interested, you could read the full Article published by InfoSec Institute here.

If you would like to find out more about InfoSec, you could visit this page here.

Dan Manolescu is now a frequent contributer for InfoSec Institute.

If you have any questions please contact us at: dan@e-crimeexpert.com

%d bloggers like this: