Friday, December 17, 2010

Cervical Mucus Smells Like Chlorine

Osasunbidea shall audit the hospitals of Navarra in the field of data protection security



Today I want to echo a report in the Daily News Navarre :

Kutz commissioning the work to a public company

Health to audit the security of medical records to comply with data protection law

agency protection data required to make the review before April 1, 2011

Kutz commissioning the work to a public firm and emphasizes that Navarra is a community with greater compliance with the standard

Normal

As always be seen as far as safety comes in the audit will take place until April 2011 . From my point of view should address the issue taking into account the different risks of leakage and / or loss of data, should also take into account the personal awareness of health centers in terms of privacy and the use of the information relates . Whether this use on paper, in telematic support, or treatment and use of information system Osasunbidea. Also, in my opinion, I understand that should strengthen more security measures and start giving greater compliance including all the measures contained in the Law 15/1999 Protection of Personal Data (Data Protection Act) of 13 December, as well as those that Real Decree 1720/2007 of 21 December (RDLOPD) establishes and develops. Also, we must also take into account those that Law 11/2007 on Electronic Access of Citizens to Public Services (LAECSP) and Royal Decree 3 / 2010 of January 8, which regulates the National Security Scheme the field of eGovernment states. For the latter, in theory have a period of implementation of those Security measures less than a month and expires in early January 2011.


Do you give time to comply with what Royal Decree 3 / 2010 sets? Or just be dedicated to meet the deadline for compliance with data protection rules they themselves set (April 2011) with the end of the audit recently commissioned a public entity.


allowed bets ... :)

Thursday, December 16, 2010

Charriol Bracelet For Sale In The Philippines




Today I have fallen thirty the truth is that I hardly even noticed that today was my birthday, I forgot the phone at home and also I have worked in Bilbao and has almost been like a day ... I console myself

with what is said now that the thirties are the twentieth of twenty-first century jejeje:)

Wednesday, December 1, 2010

How Much Cyst Removal Costs

THIRTY SMEs AND THE SOCIAL


Today I'm going to echo the following news: "Only 21% of SMEs have a plan data protection " , report in the online newspaper " 5 Days " in which noted that only 21% of English SMEs have a plan for the protection of data, so almost 80% of English SMEs complying fully the precepts contained in the existing regulations to protect personal data even though over 70% of the companies English recognized the importance of having a corporate strategy for the protection of data. In addition "5 Days" also states that 13.7% of them know the rules while 26% think that is not affected by data protection legislation. All this data comes from a study by ISMS Forum Spain , non-profit association whose main objective is to promote information security.

The article cited by contrast with the fact that every increasing use of electronic media for all types of activities such as the relationship with the public administration, banking transactions, the buying, selling and especially the use of social networks both in a personal way as trade or business. Despite all this, companies are not aware of the importance to be given to information, not only because there are rules stating this, but because the information is in many cases the main asset and mainstay of the company both for its smooth operation and to generate profits.

Therefore, in my opinion if such a company backs up its information systems but stored in the same place where the server is located or most of their information and that room does not have basic security measures (fireproof room with access control, ventilation, etc.) will have little use those copies in case of disaster or of a major incident in our information systems. It seems that this so silly, is one of the most typical violations of safety information that I usually see in the audits performed.

In conclusion, it is not only to respect the law so we are not fined, it preserve the information because it is our main active with our customers and their privacy.

For more info about data protection and the gathering:

www.protegetuinformación.com

Saturday, October 30, 2010

Boob Sizes Comparison

LOPD

This is a video I recently discovered that although and takes a couple of months posted on YouTube, I think there's enough truth in what he says the rapper "Tote King" in his song "Social Networks" and since it is weekend and bridge I leave all the saints to encourage a bit.

Closes ... Tuenti Now Social Networking! Social Networking! :)

Thursday, September 9, 2010

Supplementary Angles In Football

Mexico already has the Data Protection Act

The approach of creating a new law that regulated in Mexico privacy issue, began in 2001, finally, The Commission of Government approved by majority opinion is issued by the Federal Law on the Protection of Personal Data Ownership individuals, in principle the idea is that companies who want to conform, as profit gain support and assistance to it and avoid any penalties that may reach $ 1,414,400 dollars and in the case of particularly sensitive data breach , the penalty may amount to $ 2,828,800 for violating the new standard. On the other hand the main objective of the rule is to ensure and safeguard the principles, rights and procedures for citizens of their personal data.

Thus, Mexico is in line with OECD countries and the European Union, to have a law which provides for the principles on data currently are personal observed by members of such bodies. Likewise, Mexico would be the first country to pass a law that meets international standards on privacy, adopted at the World Conference of Commissioners Privacy and Data Protection.

Friday, August 20, 2010

Psp Movie Samantha38g



I must admit that this news made me happy, because although I'm not a big consumer of "Apple", it is true that many of them amaze me and the truth that open a Official Shop is at least interesting, I personally have been in New York and found it amazing the building and operation of the same in which could buy and pay an @ in any aisle and had many employees with credit card readers to facilitate the recovery of these without having to resort to general cases, thus avoiding the overcrowding and queues that are often created in this type of giga-shops. The news I read in the electronic edition of ABC :
The multinational computer Apple will open its first store in early September at the shopping center Machinist Barcelona, \u200b\u200baccording to industry sources reported Efe property.
The Apple Store, as it is known to Apple stores, and can be found in several European cities, however, Spain was one of the unfinished business of the company. So far, the company operated in the local market through dealers under the name of K-tuin, or in different facilities in centers such as FNAC and El Corte Ingles.
Finally, after having sought a location more central and more visible as the Paseo de Gracia, the company installed in the mall, due to the lack of facilities available in that area. The future Apple Store will have 1,300 square meters on one floor and will be located between the local and Desigual Zara. The Catalan store will be similar to those installed in cities like New York, London or Tokyo, and have all the Apple products also provide customer support, technical services and training courses.

Thursday, August 19, 2010

Pregnant Women Griha Pravesh

APPLE is here and The Blog FACEBOOK is


As I said some time ago, was intended Blog create a profile on Facebook, that despite being a social network that is not my cup of tea personally, there Admittedly it has a viral effect impressive so I think it is more advisable to have a profile or company blog, shop, service etc.. in this network, we can combine the beauty of a good social network of a blog.

the moment I have the profile quite bare, but eventually it will go better ... :)

Betsey Johnson Diper Bag

Introduction to "LAECSP" Transparency Act

some time ago that this legislation is with us and since I had access to it on numerous occasions and since I have raised many questions, I deemed it appropriate to share on the blog in order to help those who are in situations where I found myself recently. Of course when we talk about the "LAESCP" we are referring to the Law 11/2007 of 22 June, citizens' electronic access to public services . This regulation is aimed to recognize the right of citizens to interact with government electronically and regulate basic aspects of the use of information technology in administrative activity in the relations between the government and the relations of citizens with the same order to ensure their rights, a common treatment to them and the validity and effectiveness of administrative activity in terms of legal certainty. To this end, the government uses information technology to ensure the availability, access, integrity, authenticity, confidentiality and preservation of data, information and services to manage in the exercise of its powers.


said that, in its assessment criteria, we must take into account the different concepts that the government should play in the electronic world and the Internet, such as Online Office, Forms Manager, Electronic Registration , Payment Gateway, manager of records, electronic notification, electronic identification, electronic archiving and interoperability. Specifically, in terms of digital certificates worth noting that although the standard generally provides a general way, that digital signatures will be advanced digital certificates used by the Public Administration, a first question that arises is whether they should take "Time Stamp" or not, since not all advanced firms do not necessarily carries with it the date and time stamp, but in the Article 26.1 (Computer deadlines) of the LAECSP states:


governing electronic records for purposes of calculating periods attributable both to stakeholders and the general government by the official date and time of the electronic site access, which should have the necessary security measures to ensure their integrity and appear visible.


Conclusion, it is best to always use "Timestamping" , although technically requires more effort, since today there is still no resolution to establish when to use "TimeStamp" or not. Later continue to analyze various matters contained in this legislation. There are resolutions that establish when to use "TimeStamp" or not. Later continue to analyze various matters contained in this legislation


More information: http://www.cenatic.es/laecsp/

Monday, August 16, 2010

Pokemon Friendship Bracelet Pattern



A new draft law is in creation, will be to strengthen the transparency of the English government, including among them not only the State, the Regional and Local, but also all those agencies to develop public activities such as professional , communities of services and / or universities.

This law seeks to strengthen the right of citizens to know the information public, thus trying to avoid and to establish greater control for the government to prevent corruption of public office personalities in various public entities. The deadlines for responding to requests from citizens are in principle than thirty days, although in some cases be extended to another thirty days, and in principle in cases where not treated or unjustifiably denied access to information part of the Public Administration for, you can then go through the administrative to demand access to information, however, to avoid the delays and costs the same, it may appeal to the English Agency for Data Protection, the which will be renamed English Agency for Data Protection and Access to Information. "

All this of course, unleashed a number of issues, such as: Will the other Data Protection Agency such as Madrid, the Basque or Catalan, competence in this area? Is it affected the rules on data protection for this new standard? What is certain is that this is a bill in general and in my opinion, will be part of the citizens a good agreement given the large cases of corruption that have plagued many public authorities in this country.


In two months, and after seeking the arguments of the parties, the director of the agency currently Artemi Rallo, professor of constitutional law, render a decision. The government wanted good measure, and in this requirement does not apply positive silence, but the negative. Moreover, their rulings only affect Administration central, not the regional or local.

The latter, under an amendment to Law Local Government, citizens must submit their request "copies and certifications arrangements of local government and its history "and allow them to consult their files and records.

administrations are not limited to answering information requests, but must anticipate dissemination. "The public authorities provide the information disclosure of which is of great importance in guaranteeing the transparency of its activity," says the text. And in the Internet age will "preferably by electronic means."

For more information:

Does Alcohol Affect Tendonitis

SPAM



Because I think it's an issue that affects almost everyone, I decided to post to the types of communications that I bring that I think may be useful to ward off the companies without our prior consent, engaged in "Spam" by various means such as e-mail, the phone either via landline or mobile phone and even by fax, the latter also known as "spam-fax ". Well as I said then that we give the text refer to the company or company that we are "spam" taking into account the medium they are using in each case.

" ANTI SPAM EMAIL "

I appreciate it would stop sending me e-mail advertising. My email is xxxxxxxx@hotmail.com

Otherwise I will have to file a complaint with the English Agency for Data Protection against his employer, for failure Article 21 Law 34/2002 of 11 July, Services Society of Information and Electronic Commerce and the provisions of Article 38.1 h Law 32/2003 of November 3, General of Telecommunications. Reserving the right to use as supporting documentation, advertising emails received from your company.

ANTI SPAM SMS/MMS- "

I would appreciate they ceased to send advertising via SMS / MMS. My number is 6xx xxx xxx

Otherwise I will have to file a complaint with the English Agency for Data Protection against his employer for breach of Article 21 Law 34/2002 of 11 July, Services of Society of Information and Electronic Commerce and the provisions of Article 38.1 h Law 32/2003 of November 3, General of Telecommunications. Reserving the right to use as supporting documentation, the SMS / MMS received from your company advertising.

ANTI SPAM -FAX "

I appreciate it would stop advertising via FAX enviarm. My number is 943 xxx xxx

Otherwise I'll be forced to file a complaint with the English Agency for Data Protection against his employer for breach of Article 21 Law 34/2002 of 11 July, Services of Society of Information and Electronic Commerce and the provisions of Article 38.1 h Law 32/2003 of November 3 General of Telecommunications. Reserving the right to use as supporting documentation, the advertising FAX received from your company.

On the other hand, I recently read in a Post Samuel Parra ya.com, France Telecom, and sales calls, KO , which indicated the steps and the long road he had to go to to stop telephone call with the intention of offering Internet services, however it should be noted, it is possible to stop calling us home, although this then requires a two-year average of claims documents and requests as Samuel says Parra in his blog:

has needed only 2 years to obtain by legal means ya.com (France Telecom) to stop calling my home to sell their products under the pressure of the next call that comes directly entail a fine of up to EUR 300000.

Note of interest: In the net I found this entry in your experto.com which I found very interesting: http://www.tuexperto.com/2008 / 11/24/como-evitar-recibir-llamadas-comerciales-en-el-telefono-fijo-o-movil /

Monday, May 17, 2010

Parts For Aromatherapy Diffuser

May 17, the day of Internet




What

Internet and what is it? Strictly according Wikipedia , decentralized Internet is a collection of interconnected communication networks that use the protocol family TCP / IP, ensuring that heterogeneous physical networks that make up work as a single logical network, global . Since today is the day the Internet, the day's main objective is to disseminate and promote the use of the Internet on society, it does not hurt to ask What is Internet? What is your goal or purpose? In my opinion, Internet or network serves and must serve more and more, to bring culture including as many people as possible, to communicate, to search for content and self-reported in a more free and objective, ultimately to relate, educate, educate and express ourselves freely. Therefore, we must celebrate the day the Internet. Because we are celebrating that the Internet is free information flows and content to today do not control nor metered large telecommunications companies and that this is still not forget such basic principles of network neutrality, by the network or Internet, should continue free of restrictions on the modes of communication allowed, or for content and communication is not unreasonably degraded by other communication and intermediaries. In short, the network continues to be a framework within which people can express themselves and interact in different ways and free without the pressure and restrictions that some lobbies as the major telecommunications companies want to do.

Happy Internet Day to all of you

Friday, May 14, 2010

Dickies Warehouse Singapore

"The Data Protection Act and the rights and obligations of workers'


I want to emphasize one of the most controversial and contentious issues that I usually find when I perform audits on the protection of personal data. Of today is not one that referred to the rights of employees or workers and the right of companies to control the proper use and optimization of its technological resources such as Management Systems Information corporations, such as corporate email, computer equipment and software company, access and proper use of Internet and so on. So I recommend reading the following detailed guide for some time published the AEPD (English Agency for Data Protection) on its website www.agpd.es . Protection data labor relations, is a comprehensive and enlightening guide on what can and can not do a company when it comes to monitoring the correct and efficient management of information systems such as controls, biometric fingerprint, video surveillance controls on the computer, revisions and / or remote monitoring or analysis, indexing of web browsing, review and monitoring of email and / or the use of computers, controls on the worker's physical location by geolocation etc. with all these inspections, the chances of impact on workers' rights are multiplying.

On pages 27 and 28 of that guide, it states that development of entrepreneurship and in particular, when deciding to adopt a measure of control that involves a personal data must applied principle of proportionality. It must also comply with the duty of informing employees, this duty is particularly relevant in the case of controls on Internet use and / or email. In this case it is recommended that information workers is clear in relation to company policy regarding use of email and the Internet, describing in detail the extent to which workers can use the communication systems the company private or personal purposes. Eg It may be perfectly reasonable to provide a geolocation device tasks such as transporting goods for which it is relevant to know where is the vehicle and when you can perform a particular delivery. This can not be assumed that provision of a device of this nature to all employees of the company when its kind of provision makes it unnecessary, so there must be a purpose in this case, there can be other than that fixed by ET Art 20.3 "to verify compliance by the employee of their obligations and work duties."

must remember what was said about the existence of a widespread social habit of tolerance for certain personal uses moderate computer resources and communication provided by the company to employees. This tolerance also creates an expectation of confidentiality in those applications; expectation that can not be ignored, but not become a permanent impairment of corporate control, because even if the worker is entitled to respect for her privacy, can not impose this respect when using a means provided by the company against the instructions issued by it for use and without the checks provided for such use and to ensure continuity of service. Therefore, you need to do business in accordance with the requirements of good faith is to establish in advance the rules of use the media-with application of absolute or partial, and inform workers that will be control and the means to be applied in order to verify the correctness of the applications, as well as the measures to be taken in case to ensure the effective use of the work environment when necessary, without prejudice to the possible application of other preventive measures such as exclusion of certain connections. Thus, if the medium is used for private use against these prohibitions and knowledge of controls and measures may not be understood that, when monitoring has been violated "a reasonable expectation of privacy" in the terms establishing the European Court of Human Rights June 25, 1997 (case Halford) and April 3, 2007 (case Copland) to assess the existence of an injury to Article 8 of European Convention for the protection of human rights . (Judgement of the Board Social of the Supreme Court of 26 September 2007).

Wednesday, May 12, 2010

39 Weeks Pregnant Sharp Pains

New Masters in social networks at the University of Deusto (Bilbao)


yesterday by one of the groups I belong to Linkedin, I learned that the University of Deusto, has developed a specialized master's degree in Social Networks, the master has several areas, which are discussed many issues such as security, legal, commercial and advertising field, reputation, the various tools available on social networking, social network consulting and many more issues to see the full schedule, http : / / www.masterenredessociales.deusto.es/programa/ .

The master costs about 12,500 € and has a total of 60 credits, so I could know in principle, will be held in Bilbao, so face, but I do not know if there will also be done via on-line .

Ultimately, Masters is a very interesting, but will have to see if you have good reception at this time of crisis.

Updated: Yes, there is no training mode or on-line classroom, as is explained in http://www.masterenredessociales.deusto.es/programa/ .

Friday, May 7, 2010

Side Effects Of Stopping Yaz

"I'm not on Facebook" social networks "


I decided to make this post because the truth is that I was surprised to read in the "New York Times" in its technology section, the following news:

"Facebook Privacy Glitch Brings New Worries " On Wednesday, users discovered a glitch That Gave Them access to supposedly private information in the accounts of Their Facebook friends, like chat conversations ... Not Long Before, Facebook Changes That Had Introduced Forced Essentially users to choose entre about making information available to Their Interests Anyone or Removing it Altogether ... Although Facebook Quickly Moved to close the security hole on Wednesday, the Heightened Breach Among many users a feeling That It Was Becoming hard to trust the service to Protect Their personal information.

.. I recommend reading the whole article because I found very interesting and maybe then we realize the real risks of Facebook, the whole story You can consult the www.nytimes.com

Coincidences of life, two weeks ago I also gave low in Facebook, as well as Jeffrey P. Ament (contractor for the U.S. government, quoted in the article NYT) I do not trust the security policy data takes place Facebook, I, who among other things dedicated to the protection data, was tired of watching constantly violates the privacy rights of individuals and Facebook for this violation to me is clear. If we read and study its privacy policy, we know roughly what to expect but if this privacy policy changes every few minutes, and there can be at least in my case, any confidence in this network. So I called attention to this news, because amongst other things, as could access information from our contacts chat certainly something that most users are unaware of or ignored, for these kinds of questions I decided I did not want join Facebook.

However, I must say that to enhance business and improve sales, such as when launching a product or service to market I think is a very useful tool, more so when combined properly with other tools like youtube, twitter or other social networks, and that could generate added value to our company as well as giving greater visibility in the market for media advertising campaign, which surely would result in increased sales and therefore income of the company. But if we use Facebook as a social network in the strict sense, ie to relate to these old friends and are friends or acquaintances who do not see much time or close friends, I think in this case is a tool when less dangerous, as no consider Facebook as a secure channel for that type of relationship, so among other things, I have chosen not to be in facebook .

Update / note of interest 1:

http://profesores.ie.edu/enrique_dans/download/facebookprivacy-cincodias.pdf .

Update / interesting note 2:

http://www.blogoff.es/2009/10/28/10-situaciones-que- want-keep-on-facebook-and-how-to / (in Castilian) / http://laptoplogic.com/resources/10-things-not-to-do-on-facebook (in English).

Update / interesting note 3:

http://www.enriquedans.com/2010/05/ talking-on-facebook-and-privacy-in-five-dias.html

Update / interesting note 4 : http://www.nytimes.com/2010/05/13/technology/personaltech/13basics.html?ref=technology

Update / interesting note 5 : http://www.genbeta.com/redes-sociales/myspace- improve-your-setup-of-privacy

Tuesday, February 23, 2010

Steel Seal Vs Thermagasket

windows privacy?


few days ago, I read in various media and to discuss in groups of professionals on privacy Google Buzz , the new product / service Google which was released the market last February 2. Google came back into the social networking world (as it did previously in 2004 when he launched the social network Orkut ), aiming this time to develop a new network, giving rise to Gmail users and other Google products can manage and share information more efficiently and in real time. So far everything seems to be positive, however, and this part of the problem and the reason why the company has received substantial criticism is that when a user is enlisted in the service, the default application, making the user's contacts with the 40 who have more treatment through email and chat and adds to his followers to Google Buzz. This might be fine if it had not been because maybe the user does not want anyone to know that people will follow and which continues, especially if we think about countries where freedom is restricted and where it is appropriate that a person is relate to particular individuals or political trends, as is the case of lovers or private relationships that are not public in nature are those that can link users to members of competitors, journalists and their sources, doctors and patients etc., make those public lists can create serious problems

IMHO, Google does not seem to have done so in bad faith or knowingly or above certain ethic to achieve greater acceptance of the product in question or a better return it, I think it was an oversight in the rush to provide a more efficient and user friendly. However should care more for the privacy of its products, it is a subject which has received criticism and by his own competitors like Facebook and also have previously received. Also worth noting that the privacy or data protection is an issue to be taken into account in the European market in order to comply with the law force and the willingness of users if they wish to maintain the privacy of what your contacts.

Finally, I believe that although the service benefits are substantial, we must also consider the cons that it entails. Also stressed that, as happens with other social networks in order to maintain the privacy standards is highly recommended to learn before our rights as users of the same well as the tips and manuals from protection agencies data are provided to users (AVPD , AEPD ).

Before to finish this post, I checked that from the Gmail Blog , and there was no response by Todd Jackson the wave of complaints from many disgruntled users, it explained that the original intention was to disseminate the way Buzz "quick and easy, so that users do not have to create a network from scratch." However, as published "The Country" a week ago: " Information Center Electronic Privacy ( EPIC) of the United States has filed a complaint with the Federal Trade Commission (FTC) arguing Buzz violates federal law protecting the user. The EPIC complaint urges the FTC to complain to Google Buzz is a completely independent and stop using private contact list from Gmail to compile lists and create the network in addition to giving the user a "significant control" over their data personal. "This is a significant blow to the expectations of privacy that users have. Google does not should be allowed to use the personal information of users to create a social network that they have not asked," said EPIC executive director Marc Rotenberg.

hope that this unpleasant situation, the Google team draw the appropriate conclusions not to happen again this sort of thing, and that social networks can be very good, but should never be windows for privacy.

Thursday, January 28, 2010

Will Tricare Pay For Scooter Trailer

EUROPEAN DAY OF PROTECTION DATA


Today January 28, 2010, after three years since the year 2007 will be held for the first time European day of data protection, today celebrated the fourth edition of it, in general, we can say that there is greater awareness among citizens about the responsible use of personal data, however continue to be used so little to recommend some tools like those offered for some time social networking. In them the most vulnerable and most disadvantaged, are them children and teenagers, as many of them unaware of the risks they contain.

Therefore education is key in data protection to be afforded to children and parents about the use of Internet and specifically on the use of social networks, P2P networks etc.., establishing containment measures such as those developed from the Provincial Gipuzkoa www.gipuzkoa.net "Internet Safe" with a tool that performs an audit on the security status of your PC and also includes sub-tools such as content filtering to prevent access to unwanted Internet. There are also other types of manuals and tools like those found on the website of the Basque Data Protection (AVPD). These include a series of episodes of cartoons, such as: the Adventures of Reda and Net: in which is displayed to smaller Internet risks and caution should be taken with personal data. Also for children and adolescents of other ages, there are manuals or guides with various assumptions of daily life in the irresponsibility committed in the transfer of personal data, such as Technology Manual for Young between 9 to 11, 12 to 14 and finally the 15 to 17 years.

from the English Agency for Data Protection (AEPD) there are also various initiatives such as the manual Recommendations under 2008 ", these tools and more are available to citizens, parents, teachers, students .. . so through this post I thought it appropriate on a day like today make them known and disseminated to the extent possible. Lastly

note the new application of self-assessment has been made available to the public the English Agency for Data Protection (AEPD). After testing it a bit yesterday, I must say that I found the least interesting, although you have to spend between 30 and 45 minutes, I think that without doubt this new tool will for at least another post.


Wednesday, January 27, 2010

Can I Use Yaz As Emergency Contraception

"PERSONAL DATA AND CLOUD COMPUTING"


This "Post" comes around the Privacy Policy of the services offered by Google Apps in their adaptation to national and European law on data protection and telecommunications. More than a year, published a report by the consulting "Forrester", "Should Your Email Live In The Cloud? A Comparative Cost Analysis " which declared the virtues and savings of Google services company in the field of the applications used by businesses such as telecommunications systems, messaging etc. This first report was analyzed by the law firm "Almeida.com", in particular by Javier Maestre, in the article "The Tale of the Milk 2.0", published by the world, is in which questioned the legality in telecommunications as well as privacy and data protection services offered by Google Apps. Which elicited immediate response from the director of Google Enterprise Spain and Portugal, Carlos Gracia Armendáriz article "This is not a fairy 2.0", also published by the World .

Therefore the hard and generated controversy around the privacy policy of Google Apps services, I will proceed to analyze the current situation around the Privacy Policy messaging service Google (Gmail) and the approach of possible solutions to issues or questions that may arise.


In this case, if we consider the obligations established by the LGT, we note that in this course if a company decides to install and use Gmail as internal e-mail service or to its employees and / or persons or related third parties with the marketing or development services company use it, not be considered to Gmail or service contracting company as a telecommunications operator, because the service is not disseminated to provide telecommunication services but used as a technological tool most of the company. However, if a stricter interpretation and yes it is applicable Rule 6.2 of LGT ("requirements for the operation of networks and the provision of electronic communications services. 2. Those interested in the exploitation of a given network or the provision of a particular electronic communications service shall, before at the beginning of the activity, by written notice to the Market Commission (CMT) on the terms to be determined by royal decree, subject to the conditions for the exercise of the activity they undertake. are exempt from this requirement those network operators and electronic communications services under a provision ".

LGT also includes among its provisions the following duties:
"must register with the Registry of Operators of Networks and Electronic Communications Services, managed by the CMT, the companies that provide any of the following services"
• Service access to the Internet.
• Email Service (now of course).
• Service access to databases.
• News Service.
In this case, both Google and the service contracting company should be registered in the register of operators of networks and electronic communications services "for e-mail service of CMT. Failure to comply with the provisions described above and if we applied a strict legal precepts laid down in Article 6.2 of the LGT, both Google and the contracting company's email service (Gmail) could be punished for "conduct which are typified as very serious offenses, such offenses are set out in Article 53 a) t), the amount for this type of violation is reflected in turn in Section 56.1 (Penalties) in apartado1 b). The amount of the penalty shall be determined in each case, and will be tied to gross profit, with the sum not less than this amount, not more than five times of it. According to law, the applicable maximum is two million euros to be a very serious infringement is regarded as the LGT. Against this decision may bring an appeal and justification of the documentation submitted for review by the CMT. And if no agreement, the defendants could go to the Provincial Court. However this would be the worst and we must keep in mind that can only be interpreted in this way if the contracting company should give an email address to third parties not belonging to it, it would be sufficient to not give such email to a third party to avoid the penalty. Besides all the above, the CMT difference between the figure of Reseller and distributor of electronic messaging service, the difference is that the first gets direct benefit (direct gain) for providing the service and the second in principle.

However, it would be appropriate that Google's privacy policy or signing contracts with new clients to hire their services to Google Apps or specifically in this case the electronic mail (Gmail), inclusion of a clause expressly prohibiting the hiring company the possibility of providing e-mail accounts (the "Gmail") to non-members of the same, or possibly if I did so expressly providing that it is done at your own risk. Also highly recommended that Google would be monitored to the extent of possible compliance with this clause. In short, we must avoid creating email accounts to clients, partners and other third parties outside the strictly personal member of the staff of the service contracting company, because not choose this path, it must meet the requirements LGT in its Article 6, as we will be acting as providers of telecommunications services and we do not find recorded in the Register of network operators and electronic communications services "for services e-mail, we may be subject to such measure by the CMT. While it is clear that the CMT does not act in office, however there are decisions of the CMT in which penalties were imposed for offenses similar to those described above, so they are recommended to take measures previously established. An example of a penalty provided for violations of Article

Finally note that registration as a telecommunications operator is a free procedure. However, if you perform an economic exploitation of the service these companies will be required to pay annual rates to account for 1.25 per 1,000 of the gross operating income. Is ie if the turnover is not high, the applicable rate will be minimal.

Data Protection / Privacy Policy:

As data protection is concerned, we must consider the legal rules established by the Data Protection Act, which implements the RDLOPD and the 2000 Commission Decision of 26 July in accordance with Directive 95/46/EC of the European Parliament and Council on the protection afforded by the Safe Harbor Principles for the Protection of Privacy and related frequently asked questions published by the U.S. Commerce Department . UU., 2000/540/EC.
For Google to be a company that servers available in different states around the world, should take into account where these servers are located, ie if we speak of member states shall apply the Directive 95/46/EC, but for the servers are located in States that do not belong to the space of the European Community should be observed if they have some kind of agreement or contract, that sets the appropriate security measures and if otherwise express permission must be sought for international transfer of personal data to the Director of the English Agency for Data Protection.
In the present case arise as an example for the reception Data supplied by the company contracting English two countries, Ireland which is a member of the European Union, so it will be covered by Directive 95/46/EC of the European Parliament and Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data. And the U.S., in this case is different because being a non-Member State will be implementing Decision 2000/540/EC of the European Commission of 26 July 2000 under Directive 95/46 / EC of the European Parliament and Council on the protection afforded by the Safe Harbor Principles for the Protection de la Vida Privada y las correspondientes preguntas más frecuentes, publicadas por el Departamento de Comercio de EE.UU. Por lo que para garantizar la efectividad de la decisión, el Departamento de Comercio de Estados Unidos de América, o su representante, debe mantener a disposición del público una lista de entidades que auto certifiquen su adhesión a los principios y a su aplicación y quedar sujetas a la jurisdicción de la “Federal Trade Comission” (FTC Comisión Federal de Comercio), con arreglo a la competencia que le confiere el Artículo 5 de la Ley de la Comisión Federal de Comercio, o del Departamento de Transporte de Estados Unidos, con arreglo a la competencia que le confiere el Artículo 41.712 Title 49 of the United States Code, which shall be empowered to investigate complaints that are submitted and to obtain relief against unfair or deceptive practices, as well as redress for individuals who are subject to the jurisdiction, regardless of their country of residence or nationality.
be considered as well, according to the requirements of Directive 95/46/EC, the safe harbor principles ensuring an adequate level of protection for personal data transferred from the European Community to entities in the United States, provided that the recipient of the data (in this case Google) has advised the Department of Commerce United States or his representative, unequivocal and public commitment to comply with these Safe Harbor Principles and is subjected to the jurisdiction to which we have referred. Notably
adherence to the safe harbor requirements, is voluntary, both to register now to access the public list of institutions subscribing to the safe harbor requirements, can be done by accessing the Department's Web of Commerce USA:
http://www.export.gov/safeharbor/Safe_Harbor_Instructions.asp (on this website we can observe the laws and jurisdictions that are applicable to the Safe Harbor and the content thereof). In this address we can access list of entities subscribed to the requirements established by the Department of Commerce United States in regards to the Port Security:
http://web.ita.doc.gov/safeharbor/shlist.nsf/webPages/safe+harbor+list . Google currently
is registered in the register of the Website (http://www.export.gov/safeharbor) specifically in the "Safe Harbour List or Safe Harbor List, at the following address listed below :

http://web.ita.doc.gov/safeharbor/SHList.nsf/f6cff20f4d3b8a3185256966006f7cde/9d486b16464df0648525709b006df57c?OpenDocument&Highlight=2, GOOGLE (Which leads to the following):


of information displayed on this record it appears that Google has voluntarily subscribed to the Safe Harbor document which details the general principles and obligations adopted by Decision 2000/540/EC of the European Commission of 26 July 2000 under Directive 95/46/EC (in particular Article 25 paragraphs 2 and 6 and Article 26 paragraph 3) of the European Parliament and Council on the protection afforded by the Safe Harbor Principles for the Protection of Private life and related frequently asked questions published by the U.S. Department of Commerce As reflected in paragraph sixteen of the register of the Department of Commerce on Port Security:

"Do you Agree to COOPERATE and Comply with the European Data Protection Authorities? Yes "

Safe Harbor is a decision on adequacy of sector to eligible exclusively US-based companies, so you can not extend its application, and at some point we have tried (and even still pretending) to affiliates of American companies based outside this country.

However, it is important to note that in addition to the qualifications, duties and obligations provided in the documentation that it has entered the safe harbor Google, which also acquires commitment to meet the obligations and duties contained in Decision 2000/540/EC of the European Commission in 2000 of 26 July. Also be taken into account that the Commission has established that all decisions (including Decision 2000/540/EC on the assignment of states to the U.S.) to adapt to third countries approved to date by the Commission are a number of common elements. First, the decision set, exhaustively, that the application of the same concerns only data transfers to the third country from the EU and in any case, the other conditions and obligations under national law of each State member. In the case before us, this means that in addition to the obligations contained in the Safe Harbor requirements to which you have subscribed to Google, you must also comply with English legislation on data protection.

addition, without prejudice to the powers assigned to them by national laws, is given to the supervisory authorities of the Member States the possibility to block a particular transfer when the supervisory authority of the third country has determined that the organization has violated the conditions of the decision or if there is a substantial likelihood that the rules are being violated and data protection supervisory authority of the third country has not taken or will take steps to resolve the case, the continuing transfer would create imminent risk of grave harm to those affected and also the authority of the Member States has made reasonable efforts to provide the party and provide the opportunity to respond.

Having analyzed the general framework of international transfers of personal data in the Directive, we will deal with the U.S. case To begin, we must ask why there is a problem between the U.S. and the EU. The problem stems from the existence of two different understandings of what privacy is and means and mechanisms to be used for its preservation.

For the EU, the protection of personal data is a fundamental right of citizens. This is recognized explicitly some Member States' constitutions (English, among them). In addition, both the EU through various policies and its Member States to transpose them, have adopted mandatory legal rules and general in establishing the principles and rights that citizens have regarding the treatment of personal data. Finally, in all Member States have independent supervisory authorities responsible for overseeing compliance with the relevant legislation.

Meanwhile, U.S. protection data available is considered a part of citizens, partially covered in a multitude of specific and sectoriales8 no connection between them, putting almost all the emphasis on self-regulation and without any authority or authorities responsible for ensuring effective compliance with the rules and the application of universally accepted standards. Therefore, this situation made it impossible to adapt a statement of U.S. by the European Commission.

membership system by companies voluntarily to the requirements of Safe Harbor, is based exclusively on a statement unilateral respect companies that meet Safe Harbor requirements and, subsequently, control of compliance shall be entrusted to an audit can be carried out by the entity's internal staff. That is, is a self-certification scheme, self-regulation and self-evaluation in which they can not ever exist external controls on the activities and data protection practices of companies adhering to the Safe Harbor.
Al
be applicable English law the Safe Harbor addition, we must consider the scope in terms of English legislation on data protection is clarified by Article 2 of the Data Protection Act Scope.
1. The present Act shall apply to personal data recorded on a physical medium that makes them amenable to treatment, and any form of further use of this data by public and private sectors.
is governed by the present Act any processing of personal data:
a) When the processing is carried out on English territory in the framework of the activities of an establishment of the controller.
b) When the controller is not established on English territory, it is applicable English law under rules of public international law.
c) When the controller is not established in the territory of the European Union and used in the data processing means located in English territory, unless such equipment is used only for transit purposes.

Regarding the latter legal document Limiting ourselves to the English case, if you want to transfer data to a third country with the aim of which occur in the same treatment on behalf of the person referred to in Spain, regardless of the mechanisms used to legitimize the transfer (right host country, contractual guarantees, etc.) must fulfilled the obligations under Article 12 of Law 15/1999 of 13 December on the Protection of Personal Data (Act), on the regular compulsory treatment under a contract that includes a number of prerequisites .

Similarly, if the transfer constitutes a transfer or communication of data, in order to do be to sit in the presence of any of the cases lawfully present in Article 11 of the Data Protection Act.
Also, in addition to the two articles cited, should also be taken into account in order to comply with its obligations under the English legislation on protection personal data Article 10 of RDLOPD, which lays down the cases in which legitimizes the use or transfer of data. Also must comply with the legal provisions contained in Article 21 RDLOPD in the event that Google outsources part of its service to other companies, as might happen if the information maintained in Ireland and U.S. because this leads to a service contract, so that should meet the provisions of that Article. Shall also apply Article 22 for the retention of data by the processor (in this case Google).
Article 12 of RDLOPD (Principles general), the application will also be indirectly:
1. The controller must obtain the individual's consent for the processing of personal data except in those cases where it is not enforceable under the provisions of the law.
The application for consent must be referred to a treatment or series of specific treatments, with delineation of the purpose for which it collects and the other conditions attending the treatment or series of treatments.
2. When requesting the consent of affected for the transfer of your data, it must be informed in order to know unequivocally to which data will be used for the disclosure of which consent is sought and the type of activity conducted by the transferee. Otherwise, the consent shall be void.
3. Controller correspond to the proof of the existence of the consent of affected by any form of evidence admissible in law.
Finally it is noteworthy that as the Article 12 Data Protection Act obligations as a manager referred to treatment, also the owner of the file (hiring company) must be watchful and diligent in choosing to charge for treatment by It must verify that the treatment charge (in this case Google), complies with the measures established by the RDLOPD 1720/2007, in particular as to the security measures laid down in Article 88 of RDLOPD referred. This article provides the following measures that the contracting company should ask Google through timely periodic checks, for that Google should procedimento current security processes in which compliance with technical security measures laid down in Article 88 the RDLOPD (Security Document), including:
1. The data controller responsible produce a security document shall address the technical and organizational keeping with current safety standards will be compulsory compliance staff with access to information systems.
2. The security document may be unique and comprehensive of all the files or processing, or individually for each file or treatment. It also may be developed by grouping various security documents as files or processing the treatment system used for your organization, or organizational basis of the official criteria. In any case, will have an internal document of the organization.

3. The document must contain at least the following aspects:
a) Scope of the document containing detailed specification of the protected resources.
b) measures, standards, operating procedures, rules and standards aimed at ensuring the security level required by these regulations.
c) roles and responsibilities of staff in relation to the processing of personal data included in the files.
d) Structure of the files with personal data and description of information systems that treat them.
e) Procedure for reporting, managing and responding to incidents.
f) The procedures for performing backup and recovery of data files or automated processing.
g) The measures to be necessary for media transport and documents, as well as the destruction of documents and media, or where appropriate, reuse of the latter.
4. If that would be applied to files security measures or measures average level of high-level security provided for in this title, the security document must also contain:
a) The identification of the person or persons responsible for safety .
b) Periodic inspections to be carried out to verify compliance with the provisions of the document itself.
5. Where a data processing for third parties, the security document must contain the identification of the files or treatments that are addressed by way of charge with specific reference to the contract or document governing the conditions of the order, as well as identifying the controller and the duration of the assignment.
6. In cases in which personal data of a data controller will be retained exclusively in the systems manager, the manager should note this in your document security. When such circumstances affect some or all of the files or treatment of the head, may be delegated the responsibility for keeping the security document, except for those data in its own resources. This shall be expressly in the contract under Article 12 Law 15/1999 of December 13, specifying the files or treatments affected.
In this case, we will attend to the security document manager for the purpose of compliance with the provisions of this regulation.
7. The security document shall be maintained at all times updated and reviewed whenever there are significant changes in the information system in the treatment system used in its organization, the content of the information contained in files or treatment, where, as a result of periodic inspections performed. In any case, it is understood that a change is relevant when it may affect compliance with the measures implemented security.
8. The contents of the security document must comply at all times, to the existing provisions on security of personal data.

All these obligations may be further specified in various ways, for example through codes Guys like those contained in the Website of the AEPD, in which privately establishing the obligations of the parties with respect to legal obligations on the protection of personal data would be more advisable to correct any defects that might result from inappropriate adaptation of legal provisions of English legislation adopts measures to Google now Another option is to include them in contracts to sign for Google and its customers or the inclusion of those legal measures in Google Privacy Policy.


Google the company to keep pace with the English and European legislation fully in the protection of personal data should be signed with its customers Treatment Contract Manager in setting out its duties and responsibilities.