itechlaw 9th international asian conference
TRANSCRIPT
-
7/28/2019 ItechLaw 9th International Asian Conference
1/68
ITechLaw 9th International Asian Conference
Privacy Issues Relating to Employee Data
February 14 and 15, 2013
Introduction
EU Directive on Data Protection and Privacy as it applies to employee data
Compliance with the EU Directive from a German perspective (and in a global environment when employee data often crosses borders in cyberspace)
BYOD - Legal Barriers for BYOD Strategies - A Holistic Approach to Legal Compliance and Security with an additional focus on employee data
A brief overview of the Indian perspective
Panel discussion
Audience Q & A
Introduction (contd.)
Laws that regulate the collection, use and handling of an employee's personal data in India, France and Germany
Restrictions on the acquisition, use and maintenance of employee data
Period of retention of employee data
Transfer of employees' data to third parties and/or overseas
Consequences of breaching the regulations
Employee data protection issues: Privacy issues relating to employees
ITECHLAW BANGALORE CONFERENCE
14th and 15th February 2013
1. Overview of the European regulations
Overview
In Europe, the common legal basis is:
Directive 95/46 of 24th October 1995
Purpose of this Regulation:
strengthen citizens' rights of privacy and,
modernize the existing legal framework to take into account new challenges of the development of new technologies and the effect of globalization.
Overview
EU countries may locally implement other rules as
long as they respect the minimum provisions of the
EU Directive.
The 1995 Directive will probably be replaced in 2014-2016 by a Regulation that will be automatically and identically applicable in each European country.
2. Scope of the Directive
Scope of the Directive
WHICH PERSONAL DATA IS CONCERNED?
The notion of personal data is very wide:
It may involve important data: social security number, family status, etc., as much as
innocuous data, such as the name, the date of birth, the address of the employee, etc.
Definition of "personal data" by the Directive: personal information relating to an identified or identifiable person, directly or indirectly, by reference to an identification number or to one or more specific factors (physical, physiological, mental, economic, cultural or social identity).
Employees' data collected by employers are most often needed in the daily management of employees within a company (social security number, surname, name, date of birth, address, etc.)
The employer generally cannot collect sensitive data, i.e. data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life.
Scope of the Directive
WHICH PROCESSING OF FILES OF EMPLOYEES' DATA IS CONCERNED?
ANY AUTOMATED PROCESSING of personal data contained in ANY FILE is likely to be concerned by the Directive.
Examples:
Excel file: any database;
Word file: any list (e.g. employees' career record);
Online business directory;
Any type of file on computers, phones or any electronic device;
GPS; biometric systems;
Video recording;
Etc.
General rule: not just ANYONE can collect just ANYTHING.
For employees' data, the employer, called the controller, is required to proceed with the formalities.
Role: the controller determines the purposes and means of personal data processing.
Liabilities: the controller is in charge of compliance with the EU Directive's provisions.
HOW ARE THESE DATA COLLECTED AND PROCESSED?
Principle of proportionality and purpose
Protection of the legitimate interests.
Proportionality to the goals.
Principles of privacy and security
The employer, as a controller, is bound by an obligation of safety. He must
take the necessary measures to ensure the confidentiality of data and
prevent its disclosure to unauthorized third parties.
EMPLOYEES' RIGHTS
Right to information
Right of access and rectification
Right of objection: except where local laws require the employer to collect and use the data. An objection must be supported by valid reasons.
WHICH FORMALITIES?
Notification to the Data Protection Authority prior to the implementation of
a processing of personal data.
Exemptions or simplifications of notification can be defined by Member
States.
3. Maximum period of conservation of employees' personal data
ITECHLAW BANGALORE CONFERENCE
February 14 and 15, 2013
Maximum period of conservation of employees' personal data
EU: for no longer than necessary to achieve the purposes for which data are collected or processed.
France: period of conservation depends on the purpose of each file.
Maximum period of conservation of employees' personal data
Type of personal data | Period of conservation
Human resources and management data (social security number, name, surname, DOB, address, personal situation of the employee) | No longer after the termination of the employment contract
Video recordings | Few days to 1 month maximum after recording
Recruitment, candidates' data | No longer than 2 years after the last contact with the person
GSM/GPS data | Usually 2 months
!! Burden of proof and statute of limitations
4. RESTRICTION OF INTERNATIONAL TRANSFER OF EMPLOYEES' PERSONAL DATA
International transfer of employees' data
IS THERE ANY RESTRICTION TO AN INTERNATIONAL TRANSFER OF PERSONAL DATA?
From one European Country to another European Country: YES
From a European Country to a non-European Country: NO
Exception: if an adequate level of protection is granted.
In any case, the employee must have given prior consent to the international transfer of his/her personal data.
5. CONTROL OF COLLECTION AND PROCESSING OF EMPLOYEES' PERSONAL DATA
Control of collection and processing of employees' data
By the local Data Protection Authority.
By a designated person who ensures the process is carried out lawfully (other than the controller). This appointment is not mandatory in each Member State.
By the employee.
6. SANCTIONS FOR VIOLATION OF THE EMPLOYER'S OBLIGATIONS
Specific sanctions provided by French Labor law:
Inadmissibility of evidence obtained
Cancellation of the disciplinary sanction imposed
Abusive dismissal
Offence of obstruction if employees' representative organizations are not informed and consulted
Possible civil action of a union / elected employees
Thank you for your attention!
Frédérique David
Partner - TLD Legal
Privacy Issues relating to Employee Data in Germany
EU Employee Data Protection
Roland Falder
Bird & Bird LLP
Munich
Bangalore, February 14th, 2013
General Concepts of Privacy
Historical background
Government/State | Private individuals/companies
Right to determine which information is available about the individual
Art. 12 Universal Declaration of
Human Rights:
No one shall be subjected to arbitrary interference with his
privacy, family, home or correspondence, nor to attacks upon his
honor and reputation. Everyone has the right to the protection of
the law against such interference or attacks.
Government/State:
Europe: Fascism, Communism
UK/US: Cold War, War on Terror
Authoritarian Regimes
Private Individuals/Companies:
Free market approach vs. consumer protection approach
Current legal situation in EU
Data Protection Directive (Directive 95/46/EC)
Requires member states to enact laws that observe the limits set
by the Directive
National Data Protection Laws
Directive itself only marginally relevant for employee data
protection
New Proposal
Data Protection Regulation January 25th, 2012
Replaces and supersedes EU-Directive
Self-executing (directly applicable in member states)
but: special rules for employee data in national laws possible
(Art. 82 Draft Regulation)
Previous initiative 2011/2002 for employee Data
Protection Directive abandoned
General Purpose and Highlights
a) Harmonization of the rules throughout EU to make compliance easier for non-EU countries
but: stricter compliance regime with severe penalties
b) - Extended scope: if personal data of EU residents are processed outside EU
- European Data Protection Board coordinates DPAs (of which only one is responsible for each company)
- New rules on Privacy by design and default, Data Protection impact assessments, Data Protection Officers
- Consent-based approach (Employment law exemptions)
- Heavy fines (up to 2 % of annual global sales revenue)
- Right to be forgotten
- Data Portability
Time schedule:
First vote in April/May 2013
Negotiations
Final Vote in 2014
Implementation 2015
Germany
Data Protection Law (since 1978) without specific rules for employee data
before: 1st data protection law (worldwide) 1970 in Hessen
2008/2009 Surveillance scandal at Deutsche Bahn and Deutsche Telekom
=> 01.09.2009 additional Article 32 restricted employer access to
employee data
New draft for specific employee data protection postponed, but a
number of issues already clarified by court decisions
Issues in Germany
Consent and Shop Agreements
Control of Telecommunication at work place/private use
Video Surveillance
Transfer of employee data
Co-Determination by works council
BYOD
Outlook
Globalisation
Borders no barrier for information flow
legal challenges
Thank you
Roland Falder
Bird & Bird LLP
Munich
Bangalore, February 14th, 2013
We make ICT strategies work
Legal Barriers for BYOD Strategies
A Holistic Approach to
Legal Compliance and Security
With a focus on Employee Data
Martin Wiechers
Detecon International GmbH
Introduction
BYOD Introduction and Overview
Bring Your Own Device: Permitting employees to use personally owned devices to perform official tasks
Consumerization of IT has reshaped traditional IT landscape
Traditional lines between work and personal life blur
Trailblazer for BYOD: Intel in 2009
Significant number of employees worldwide already use own devices for work
Businesses simply can't block the trend.
BYOD as Worldwide Trending Topic
BYOD Market Overview and Perception
[Figure panels: Devices Used to Access Business Applications; IT Leaders' Opinion; Company IT Support for Employee-Owned Devices; Global Internet Device Sales]
BYOD: The Pros and Cons
Possible Advantages
+ Reduced Capital Expenditure (CAPEX)
+ Lower administration costs / management efforts
+ Familiarity with device = increased employee acceptance
+ Productivity increase: willingness to use device in spare time (risk: claims for overtime compensation)
+ Access to business applications independent of employee's location
Possible Disadvantages
- Increase in operational expenditure (OPEX)
- Incompatibilities due to heterogeneous device landscape
- Security risks
- Taxation issues
- Works council involvement
- Germany / EU: Company remains responsible entity for data processing; technical and organizational measures difficult to establish on device
- Germany / EU: Access restrictions due to secrecy of telecommunications and data protection
Designing BYOD Strategies: Initial Thoughts
Legal Framework
Management Goals
Internal Compliance
Security Requirements
IT Requirements
BYOD: A Legal Minefield?
BYOD strategies have a multitude of legal implications
Data Protection Issues
e.g. access to employee's personal data
Copyright Infringements
e.g. use of unlicensed apps for work
Labor Law
e.g. overtime, involvement of works council
Retention Periods
e.g. storage of business documents on device
Recovery of Possession
e.g. audit or suspicions of offences
Device Replacement
e.g. defect occurring during work
BYOD vs. Employee Data Protection: Employer Access to Data from Different Spheres
Personal Data vs. Company Data
Personal Data: Photos; Account Info & Passwords; Browser History; Chat Protocols; Spare Time Location Data; Private Email
Company Data: Business Secrets; Account Info & Passwords; Sensitive Documents; Business Email
BYOD vs. Employee Data Protection: Basic Systematics of German Data Protection
German Data Protection in a Nutshell
Sec. 3 para.1 BDSG (Federal Data Protection Act):
Personal data shall mean any information concerning the personal or material
circumstances of an identified or identifiable natural person (data subject).
Sec. 4 para. 1 BDSG: Processing of personal data only if
Permitted directly by statutory law
Approval from affected person, Sec. 4a BDSG
Everything is prohibited unless expressly allowed.
BYOD vs. Employee Data Protection: Specific Provisions on Employee Data Protection are Generally Affected
BYOD generally affects Personal Data
Generally every private device contains personal data
Personal data affected by most IT administrative tasks
Specific provision for employment relationship, Sec. 32 para. 1 BDSG:
An employee's personal data may be collected, processed or used for employment-related purposes where necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract.
Every stage of employment relationship covered:
Assessments of performance and behaviour
Measures to prevent criminal offences and other violations of law
BYOD vs. Employee Data Protection: Employee's Consent Required
BYOD generally affects Personal Data
Necessity:
Collection/processing/use of personal data permitted if directly necessary for employment relationship
Narrow interpretation of necessity: Task impossible without data
Consequence:
BYOD processing of personal data is mostly not necessary in legal sense
Generally consent of employee required to perform IT admin tasks on device
Violation of personal data is no acceptable collateral damage of BYOD!
BYOD vs. Employee Data Protection: ... but Consent Unlikely to be Granted
BYOD generally affects Personal Data
Prerequisites of a valid consent (Sec. 4a BDSG):
Declaration of the affected individual that is
voluntary
for the specific case
given in complete awareness of the individual circumstance
Issues:
Voluntariness in employment relationship questionable
Employee's freedom of choice de facto limited by existential meaning of employment relationship
Presumption that consent of employee is seldom voluntary
Employee will not provide consent as extensive access rights to private device are not favourable
Implementing BYOD Strategies: Works Council Involvement
Works Council has Right to Participate
Right to Control according to Sec. 80 BetrVG (Works Constitution Act):
The works council shall have the following general duties:
1. to see that effect is given to Acts, ordinances, safety regulations, collective agreements and works agreements for the benefit of the employees;
Right of co-determination according to Sec. 87 para. 1 no. 2 & no. 6 BetrVG:
(1) The works council shall have a right of co-determination in the following matters in so far as they are not prescribed by legislation or collective agreement:
2. the commencement and termination of the daily working hours including breaks and the distribution of working hours among the days of the week;
6. the introduction and use of technical devices designed to monitor the behavior or performance of the employees;
BYOD vs. Employee Data Protection: Special Case: Private Email Use
If private use is permitted/tolerated, the employer is a provider of telecommunication services
Consequence: telecommunications secrecy applies regarding email account
Access can be criminal offence (Sec. 206 Criminal Code)
Telecommunications secrecy protects all communication partners
Sender (internal and external) and receiver
Problems:
Control of private communication
Death, illness, absence, leave of absence, dismissal
Successful Implementation Requires Holistic Approach Based on Applicable Legal Framework
Combination of Technical and Policy Solution Preferable
Container Solution:
Business-related applications in dedicated container on device, business data only stored in this shell
Only this container can be accessed and administrated by employer
E.g. Blackberry 10
Private Apps and Data | Work Apps and Data: strict technical separation between different working environments
Successful Implementation Requires Holistic Approach Based on Applicable Legal Framework
Combination of Technical and Policy Solution Preferable
Client Solution:
Cloud/client-server-based solution with mobile device as client
Device is only used as interface for access to network
No business-related data is stored permanently on device
After disconnecting from server all data is wiped
E.g. Hewlett Packard
Permission to participate in BYOD should depend on signing respective policy and giving respective consents
Successful Implementation Requires Holistic Approach Based on Applicable Legal Framework
Combination of Technical and Policy Solution Preferable
Technical solution minimizes risk of access to employee's personal data
In case of container solution, private use of device has to be prohibited for container
Employer retains full control and access rights
Permission to participate in BYOD should depend on signing respective policy and giving respective consents
BYOD Strategies: Conclusion
International perspective: BYOD is today's reality
Legal framework must be basis for strategy development
Security, Internal Compliance, IT and Business have to align
BYOD does not raise genuinely new legal issues
Multinational Enterprises: Strategy should be adjusted to weakest link
Implementation requires multidisciplinary knowledge/team
Good understanding of big picture opens potential for massive increase of revenues for legal advisory
Thank you very much!
Martin Wiechers
Detecon International GmbH
Sternengasse 14-16
50676 Cologne (Germany)
Phone: +49 221 9161-1899
Mobile: +49 151 46718873
The Indian Scenario
India does not have specific laws to protect an individual's privacy including data privacy
Courts have upheld privacy rights under Article 21 of the Indian Constitution vis-à-vis the government
The Information Technology Act, 2000 provides some protection for electronic data
Consumer courts have upheld privacy rights against individuals and entities
No specific laws to protect employee data
The Indian Scenario
No need for employers to issue a privacy policy applicable to employee data
Employers should retain employee data for at least three years (laws of limitation)
Income Tax (IT) laws allow the IT department to initiate proceedings within 7 years of a relevant assessment year, so companies usually retain employee data for 8 years
No restriction on transferring data to third parties or overseas
Courts have sometimes placed restrictions on the transfer of health-related employee data
The Indian Scenario
Employees could make tort claims for breach of data privacy
Employees could also stake a claim for breach of data in electronic records under the Information Technology Act, 2000
Last year the Shah Committee, appointed by the Indian Government, released its report on privacy.
The Shah Committee Report recommends some significant changes which may be implemented in laws to come
Panel Discussion
Audience Q & A
Thank You