19. International Agreements and Guidelines

Question 1

International Agreements and Guidelines

OECD

Answer 1

Organisation for Economic Cooperation and Development

• 30 member nations
• Guidelines on the protection of privacy and transborder flows of personal data
• Guidelines = Suggestions = NOT mandatory
• Issued 1980, updated 2013

Question 2

International Agreements and Guidelines

Collection Limitation Principle

8 driving principles

Answer 2

Collection of personal data should be;
1. Limited
2. Lawful (fair means)
3. Knowledge of the subject

Question 3

International Agreements and Guidelines

Data Quality Principle

8 driving principles

Answer 3

Data should be (for what it is being used for);
1. Complete
2. Current
3. Relevant

Question 4

International Agreements and Guidelines

Purpose Specification Principle

8 driving principles

Answer 4

Subjects need to be told
1. Why data is being collected
2. The time it is being collected
3. Company only use it for whatever that purpose is

Question 5

International Agreements and Guidelines

Use Limitation Principle

8 driving principles

Answer 5

Personal Data cannot be disclosed, made available
UNLESS;
1. consent from subject
2. authority of law

Question 6

International Agreements and Guidelines

Security Safeguards Principle

8 driving principles

Answer 6

Reasonable safeguards in place to protect the data

Question 7

International Agreements and Guidelines

Openness Principle

8 driving principles

Answer 7

Practices and policies to personal data must be communicated openly

• Subject must be easily able to establish the existence and nature of personal data
• its use and identity of org that has the data

Question 8

International Agreements and Guidelines

Individual Participation Principle

8 driving principles

Answer 8

Find out which organisations have your data

• Subject should be able ot correct any of the data that is wrong
• Subject can challenge any requests that are denied

Question 9

International Agreements and Guidelines

Accountability Principle

8 driving principles

Answer 9

Organisations are held accountable for complying with principles stated in the seven principles

Question 10

International Agreements and Guidelines

Wassenaar Arrangement

Answer 10

Export/Import controls
Conventional Arms and Dual Use Goods and Technologies

• 41 countries
• Cryptography considered “dual use”
• Iran, Iraq, China, Russia - import restrictions. Want to spy on their citizens
• Security manager must know the cryptography laws of where you are exporting data to

Question 11

International Agreements and Guidelines

10 categories

Wassenaar Arrangement

Answer 11

1. Special materials and related equipment
2. Materials Processing
3. Electronics
4. Computers
5. 5.1 - Telecommunications, 5.2 Information Security
6. Sensors and “lasers”
7. Navigation and Avionics
8. Marine
9. Aerospace and propulsion