The IT Law Wiki
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Definition ==
+
== Definitions ==
   
  +
=== Cloud computing ===
'''Sensitive data''' is [[personally identifiable information]] about health, financial activities, sexual behavior or sexual orientation, [[social security number]]s, insurance numbers, or any government-issued ID numbers.
 
   
  +
'''Sensitive data''' is
== EU Directive on the Protection of Personal Data ==
 
  +
  +
{{Quote|[a]ny [[classified data|classified]], [[personal data|personal]], [[proprietary data|proprietary]] or [[confidential information]] or [[data]] of any form, nature or structure, that can be created, [[upload]]ed, inserted in, [[data collection|collected]] or [[derived data|derived]] from or with [[cloud services]] and/or [[cloud computing]] whose [[access]], use, [[disclosure]] or [[data processing|processing]] is subject to restriction either by applicable law or [[contract]].<ref>[[Cloud Service Level Agreement Standardisation Guidelines]], at 14.</ref>}}
  +
 
=== EU Directive on the Protection of Personal Data ===
   
 
'''Sensitive data''' is
 
'''Sensitive data''' is
   
{{Quote|[[data]] revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, [[data]] concerning health or sex life, and [[data]] relating to offences, criminal convictions or [[security]] measures.<ref>[[EU Directive on the Protection of Personal Data]], Art. 8.</ref>}}
+
{{Quote|[[data]] revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, [[data]] concerning health or sex life.<ref>[[EU Directive on the Protection of Personal Data]], Art. 8.</ref>}}
  +
  +
=== Federal Trade Commission ===
  +
  +
'''Sensitive data''' is
  +
  +
{{Quote|at a minimum, [[data]] about children, [[Financial information|financial]] and [[health information]], [[Social Security Number]]s, and certain [[geolocation data]]. . . .<ref>[[Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers]], at 47 n.214.</ref>}}
  +
  +
=== General ===
  +
  +
'''Sensitive data''' is
  +
 
{{Quote|[[personally identifiable information]] about health, financial activities, sexual behavior or sexual orientation, [[social security number]]s, insurance numbers, or any government-issued ID numbers.}}
  +
  +
=== Law enforcement ===
  +
  +
'''Sensitive data''' is
  +
  +
{{Quote|[[information|[i]nformation]] pertaining to significant law enforcement cases currently under investigation and [[criminal intelligence]] reports that require strict [[dissemination]] and release criteria.<ref>[[National Criminal Intelligence Sharing Plan]], App. A, at 29.</ref>}}
  +
  +
== Overview (EU Directive on the Protection of Personal Data) ==
  +
  +
The prohibition on the [[data processing|processing]] of sensitive data does not apply if:
  +
  +
{{Quote|
  +
(a) the [[data subject]] has given his [[explicit consent]] to the [[data processing|processing]] of those [[data]], except where the laws of the [[Member State]] provide that the prohibition referred to in paragraph 1 may not be lifted by the [[data subject]]'s giving his [[consent]]; or
  +
  +
(b) [[data processing|processing]] is necessary for the purposes of carrying out the obligations and specific rights of the [[Data controller|controller]] in the field of [[employment]] law in so far as it is [[authorized]] by national law providing for adequate [[safeguard]]s; or
  +
  +
(c) [[data processing|processing]] is necessary to protect the vital interests of the [[data subject]] or of another person where the [[data subject]] is physically or legally incapable of giving his [[consent]]; or
  +
  +
(d) [[data processing|processing]] is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non-profit-seeking body with a political, philosophical, religious or trade-union aim and on condition that the [[data processing|processing]] relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the [[data]] are not [[disclose]]d to a [[third party]] without the [[consent]] of the [[data subject]]s; or
  +
  +
(e) the [[data processing|processing]] relates to [[data]] which are manifestly made public by the [[data subject]] or is necessary for the establishment, exercise or defence of legal claims.<ref>[[EU Directive on the Protection of Personal Data]], Art. 8(a)-(e).</ref>}}
   
 
== References ==
 
== References ==

Latest revision as of 00:56, 19 September 2014

Definitions[]

Cloud computing[]

Sensitive data is

[a]ny classified, personal, proprietary or confidential information or data of any form, nature or structure, that can be created, uploaded, inserted in, collected or derived from or with cloud services and/or cloud computing whose access, use, disclosure or processing is subject to restriction either by applicable law or contract.[1]

EU Directive on the Protection of Personal Data[]

Sensitive data is

data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, data concerning health or sex life.[2]

Federal Trade Commission[]

Sensitive data is

at a minimum, data about children, financial and health information, Social Security Numbers, and certain geolocation data. . . .[3]

General[]

Sensitive data is

personally identifiable information about health, financial activities, sexual behavior or sexual orientation, social security numbers, insurance numbers, or any government-issued ID numbers.

Law enforcement[]

Sensitive data is

[i]nformation pertaining to significant law enforcement cases currently under investigation and criminal intelligence reports that require strict dissemination and release criteria.[4]

Overview (EU Directive on the Protection of Personal Data)[]

The prohibition on the processing of sensitive data does not apply if:

(a) the data subject has given his explicit consent to the processing of those data, except where the laws of the Member State provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject's giving his consent; or

(b) processing is necessary for the purposes of carrying out the obligations and specific rights of the controller in the field of employment law in so far as it is authorized by national law providing for adequate safeguards; or

(c) processing is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving his consent; or

(d) processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non-profit-seeking body with a political, philosophical, religious or trade-union aim and on condition that the processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects; or

(e) the processing relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal claims.[5]

References[]