The information on which the search is based has been translated by a computer system without human intervention. It may contain errors in vocabulary, syntax or grammar. The translation may also produce mistakes in the searches performed.
156 results were found for your search terms SECURITY MEASURES
Risks of the communications through mobile devices
CNS 36/2014
The functioning examined, the security and the threats or vulnerabilities which it can show the communications made through mobile devices that they use the technology 2G (GSM) and 3G (UMTS), as well as the attacks in which they can see themselves exposed, it is considered that, in order to guarantee the confidentiality and the integrity of the sensitive personal information in its transmission through these mobile devices, it is necessary to employ software that allows the encipherment of this information in traffic of extreme in extreme.
29/09/2014
Possibility to treat data of the Municipal Census of Inhabitants to contact the immigrant persons beneficiaries for the service of first reception
CNS 45/2014
The Town Councilor of Integration can treat the data of the Census necessary to give to the foreign persons inmigrades or to persons returned (Law 10/2010), in particular, for getting itself with these persons in touch fulfillment to the relative functions in the service of first reception. In case the Town Council can articulate a system through which the Department of Integration can only access, the necessary data of the Census in relation to the foreseen purpose, with views to its extraction in a temporary file this option would be adjusted to the demands of the regulations of data protection. In another case, it would be necessary to prioritize the option than or the area or service the one that makes the extraction and communicates the data to the Department been in charge of the Census.
04/09/2014
Report in relation to the Project of order by which the Register of the public sector of the Generalitat de Catalunya is regulated
PD 14/2014
04/09/2014
Adequacy of the safety measures applicable to the Project I LIVE + to the regulations on the subject of protection of personal character data
CNS 34/2014
The extense and diverse casuistry that can be given in relation to the potential customers attended to. the foreseen purposes, the offered services and the files that would be an information source of the Project VISC+, a major clarity would be convenient and concretion with respect to which purposes they can justify the access to the information, on the part of which customers and in which conditions. From the prospect of the principles of quality and of purpose, and for the volume of sensitive information generated through VISC+, it is recommended to prioritize previously the suppositions of cession of data anonymized, associates to a non identifiable code or, if possible, not associated with any code, in front of suppositions of cession of particulars of identifiable persons who have loaned its consent. The adoption of a wholemeal model of security of the information is also recommended, among others, for the whole of the contract VISC+.
23/07/2014
- SECTORIAL AREA
- Health
- Clinical record
- TRANSFER OR DISCLOSURE OF DATA
- Public administration
- Healthcare facility
- PERSONAL DATA
- Anonymised data
- Sensitive data
- Health data
- DATA PROCESSOR
- ENTITIES
- Public administration
- Healthcare facility
- SECURITY MEASURES
- OBLIGATIONS
- Impact assessment
- PRINCIPLES
- Purpose limitation principle
- Historical, scientific or statistical purposes
- Lawfulness principle
- Consent
- Quality principle
Recruitment of the systems of mail to the cloud of Google Apps and of Microsoft Office 365
CNS 27/2014
The adhesion of the companies Google and Microsoft to the agreement "U.S.-E.U. Safe Harbor" presupposes, to date of today, that the particulars sent by the entity by virtue of the recruitment of the services Google Apps for Business or Microsoft Office 365 will be treated with determinate guarantees and conditions of security. Particularly, this treatment will stay in the case of the Microsoft company fully guaranteed, once the Resolution TI/00032/2014 of the Spanish Agency of Protection of Data has been attended to. However, it will be necessary to have present that the foreseen performances in the respective conditions of use of these services, especially of Google Apps for Business, they can exceed the main purpose for which the entity would entrust the treatment of the data. Likewise, in order to consider the safety measures suitable global implemented in these services, it will be necessary carry to term the foreseen auditing to the regulations of data protection. For what it makes, specifically, to the use of the service of electronic mail, this does not show additional risks for the security of the information whenever the recommendations made about this are adopted.
17/07/2014
Report in relation to the Preliminary Sketch of ordering law of the system of employment and of the Service of Employment of Catalonia
PD 7/2014
09/07/2014
Communication of data among public administrations in relation to determinate collectives VIP
CNS 35/2014
The cession of a listing of persons who belong to a determinate VIP collective, in order to establish additional safety measures to reinforce the control of accesses to the data bases with tributary information, can be carried out without consent of the ones affected if only the data related to its name are included, surnames and charge that they occupy. The inclusion in this listing of the datum related to the NIF or DNI will require but the previous consent of the affected ones.
30/06/2014
Catchment and recording of images through cameramen of videovigilància in the dependences from the municipal deposit of persons under arrest
CNS 6/2014
From the prospect of the protection of data, the treatment of images of the cells, although he can justify itself in determinate cases, it has to be exceptional in accordance with the considerations of this judgement. It can be reasonable to pick up and to record images in rooms of search when superficial registers of the persons stopped, since a contact is produced between these and third parties, are practiced. In one and another case, it is necessary to take the possibility to treat the images in an encrypted way, as well as the exigible safety measures, in order to avoid undue accesses or inappropriate treatments of the images, into account. Regarding the conservation of the recorded images, it does not seem that in many cases it has to be exhausted the deadline of a month, since, probably, very before it will already be able to be determined if it is necessary to preserve or not the images.
22/04/2014
Collection of tributary information through a computer application
CNS 19/2014
The information received by the organization that formulates the consultation and that is not necessary for the exercise of its functions has to be canceled, in accordance with what establishes the article 4.5 of the LOPD. The identification and authentication to correlate electronically with a tributary organization based on the NIF and the personal identification code of the card of sanitary identification (CIP-TIS) sent by the CatSalut, it does not offer enough guarantees for the security of the information.
11/04/2014
Utilization on the part of the lawyers of the services of cloud storage
CNS 57/2013
The risks that the use of the services "Google Drive", "Microsoft Onedrive" and "Dropbox" for the lawyer means that it decides to store relative documentation there to its customers they would be related, with the functioning typical of these services, as well as with the different applications and platforms that allow the access and the management of the stored archives. The adhesion of the supplier companies of these services to the beginning of the agreement Safe Harbor presupposes, to date of today, that the particulars stored by the lawyer will be handled with determinate guarantees and conditions of security, even though it could be insufficient. Likewise, to have the certification ISO/IEC/27001, or any other certification or international standard on the subject of security, it is not a sufficient guarantee of the fulfillment of the safety measures of the RLOPD. It would be necessary to the regulations of data protection to accompany it from the foreseen auditing.
28/03/2014
- SECTORIAL AREA
- Cloud computing
- Social networks
- HABEAS DATA RIGHTS
- Right of information
- DATA PROCESSOR
- ENTITIES
- Public administration
- Corporate administration
- Professional associations
- SECURITY MEASURES
- PRINCIPLES
- Purpose limitation principle
- Lawfulness principle
- Consent
- Quality principle
- DATA CONTROLLER
- INTERNATIONAL DATA TRANSFERS
Total number of pages: 16