Speechly Bircham | Inform: IP, Technology & Commercial

May 2008



Inform IP, Technology & Commercial

Speechly Bircham

Welcome to this month's Inform: IP, Technology & Commercial


In this month's edition, we address the implications of the report published by the FSA into data security in the financial services sector.  We will also look at the cross-border privacy rules currently being implemented in the Asia-Pacific region, as well as investigating the revisions the International Chamber of Commerce is proposing to the EU Controller to Processor Model Clauses.  In addition, we will look at the principle changes that have recently been made to the Austrian Data Protection Act.
  

Robert Bond

Head of IP, Technology & Commercial

Top stories

Data security in financial services
The UK Financial Services Authority has recently published a lengthy report on data security in the financial services sector which has the backing of the UK Information Commissioner. 

In his forward to the report, which is aimed at assisting firms in preventing data loss by their employees and third party suppliers, Richard Thomas, the Information Commissioner says "it includes examples of good practice by some financial institutions which others could usefully learn from".  "Getting data protection wrong can bring commercial, reputation, regulatory and legal penalties.  Getting it right brings rewards in terms of customer trust and confidence", he adds. 

 

The 100 page document reports on ways in which financial services firms in the UK are addressing information security risk and concentrates on the prevention of risk from within as opposed to examining the threat of data theft by criminals seeking to infiltrate financial services firms from outside. 

The report is not intended to be a definitive opinion by the financial services authority but provides very useful guidelines and elements of risk management. The data protection team at Speechly Bircham continues to work with financial services clients on global data protection compliance as well as on information risk management. 

 

Asia-Pacific data transfers

Whilst many businesses are used to the rules for trans-border data flows within Europe and between Europe and other parts of the world, not too many businesses are aware of the work being carried out in the Asia Pacific countries. The International Chamber of Commerce is taking a leading role in providing Cross-Border Privacy Rules for the APEC privacy framework that were approved by APEC country leaders in 2004. 

 

The Cross-Border Privacy Rules are intended to enable organisations that wish to implement uniform privacy policies and practices to do so on a harmonised basis within the Asia Pacific region which includes countries such as Australia, China, Japan, Korea, Mexico, Peru, Thailand, Vietnam and the United States.  The APEC initiative is not based upon strict legislation such as exists in the EU but more upon a framework of a mutual recognition by parties within APEC economies. 

 

The Cross-Border Privacy Rules rely on businesses self assessing their compliance with the APEC privacy principles which are similar to the privacy principles of the US Safe Harbour and the seven data protection principles set out in the UK Data Protection Act 1998.  All of these principles emanate from the OECD guidelines on data privacy that were drafted many years ago and it remains to be seen if the APEC approach creates an efficient regime for protecting the rights of individuals in relation to personal data whilst at the same time encouraging good data protection practices between businesses. 

 


Other stories

 

ICC presses for revisions to the EU controller to processor model clauses
As Chairman of the UK E-Business, IT and Telecoms Committee of the International Chamber of Commerce, Robert Bond reports that the ICC continues to press the European Commission for adoption of the ICC's proposed revisions to the model clauses for the transfer of personal data between a data controller in the EEA and a data processor outside the EEA. Whilst the European Commission and the Article 29 Working Party have been considering the ICC's proposals it is taking some while to get a sense as to whether or not all of the proposals will be accepted. 

 

Whilst the model clauses allow for data controllers to use data processors outside the EEA for a variety of processing activities some aspects of the model clauses are uncommercial in relation to the standards of data security required as well as the lack of clarification as to how the use of sub-contracted data processors can be covered by the model clauses which do not currently address such a situation. 

 

Austria makes major amendments to its data protection laws

We have recently learnt from Rainer Knyrim a Partner with Preslmayr in Vienna, Austria's leading Data Protection lawyer who trained with Robert Bond years ago, that the Austrian Data Protection Act has been amended so that:-

  • Personal Data is defined so as to exclude corporate data
  • Inter-governmental data sharing is allowed
  • Businesses with more than 20 employees must appoint a data protection officer 
  • New rules on the use of CCTV will be implemented.  

For some while Austria has had an interpretation of personal data that included not only data relating to individuals but also to corporates which is generally not the interpretation adopted by other EU member states and so the revisions to the Austrian law brings the country more into line with the rest of the EU. 


For further information please contact Robert Bond.

 

If you would like to comment on any of these topics, please click here.

Speechly Bircham LLP is a limited liability partnership registered in England and Wales (registered number OC321620) and is regulated by the Solicitors Regulation Authority. A list of members' names is open to inspection at our registered office, 6 New Street Square, London EC4A 3LX

Speechly Bircham LLP 6 New Street Square, London EC4A 3LX
Tel +44 (0)20 7427 6400 Fax +44 (0)20 7427 6600

 


To unsubscribe visit: ">To unsubscribe visit:
http://info.speechlys.com/vtu/586068xBd618565u8579


Concep | Our interactive email partner