Brokerage 2007 presentation regulation


  1. Legal and regulatory research (Jos Dumortier)
  2. Core Research Areas
     - The Networked Individual
     - Access To And Control Of Information
     - Information Security And Trust
     - Information Transport – Electronic Communications
     - The Electronic Society
  3. 1. The Networked Individual
     - The Citizen
     - The Patient
     - The Consumer
     - …
  4. Example: the Citizen
     - E-Government: collect data once and re-use them subsequently for all government services
     - Data protection legislation: only use personal data for specific purpose for which they have been collected
  5. Discussion: Legal limitations for the use of unique identifiers
     - Belgium: prohibition to use national number without specific permission
     - Belgium: promotion of e-ID (with national number) for private transactions
  6. Discussion: How to validate electronic signatures without “using” the national identifier?
  7. Similar problems
     - The Patient
       • Legal principle: collect data directly from the patient
       • E-health platforms: sharing health data (BeHealth, proposed legal framework for Flemish Health Information System)
     - The Consumer
       • Legal principle: no direct marketing without consent
       • Personalisation technologies: RFID
  8. 2. Information: Access & Control
     - Content Regulation
     - Intellectual Property Rights
     - Public Information: Access & Re-use
     - Geographical Information Systems
  9. Example 1: New legislation on re-using public information
     - European Directive: promote re-use of government-owned information in commercial applications
     - Example: company register (KBO)
     - Belgium: no re-use of personal data without anonymisation
  10. Example 2: Geographical information and personal data
      - ROP (DORO 18/05/99)
      - Discussion: Can we publish the list of building lots (bouwgronden) on the Internet (without the land register number or the name of the land owner)?
  11. Opinion Privacy Commission 27/09/2006
      - Maps of building lots contain personal data!
        • personal data: all data containing information on an identifiable person
        • identifiable: every person who can be identified directly or indirectly
        • land owners are (very often) natural persons
        • via a map or an aerial photograph the name and address of the land owner can be discovered
  12. Conclusion Privacy Commission 27/09/2006
      - the Register of Building Lots (ROP) has a specific purpose (administration)
      - publication of these data on the Internet is not compatible with this purpose
      - OK for publication of aerial view but only on 1/50,000 scale and without possibilities for interactive selection
  13. 3. Information Security & Trust
      - Electronic Signatures
      - Digital Preservation
      - Cybercrime
  14. “Writing”
  15. Example 1: Electronic employment contract
      - Draft law: possibility to conclude written employment contracts in electronic form
      - Signature by means of e-ID
      - Or by « equivalent » means
      - Employer should guarantee the electronic archival of the contract via an accredited trusted archival service provider (draft law)
  16. Example 2: Trusted Third Parties
      - Draft law: Legal status of TTPs
        • Electronic archiving
        • Electronic time stamping
        • Electronic registered mail
      - Legal value of documents or transactions can be made dependent on quality conditions
      - Voluntary accreditation: independent technical auditors
      - Evaluation profile: to be drafted by technical working group (within Fedict)
      - Commission for Trusted Services: deals with complaints
  17. Example 3: Preservation of invoices
      - In principle: 2 originals, 7 years (private consumer: 5 years)
      - Preservation in Belgium, or elsewhere in the EU (subject to on line access)
      - Authenticity and integrity must remain guaranteed
  18. Digital archiving of paper invoices
      - Permitted by law since January 2006
      - Also valid for « old » invoices
      - Example: scan all my invoices of 2005
      - Only valid: scans from original invoices (not from parallel files)
      - If invoice refers to order form: also scan the order form
      - Very important: scan results in a copy of the invoice
      - The authenticity and integrity of this copy should be guaranteed !!!
  19. How to guarantee that a copy is « authentic »?
      - Authentic: copy = original
      - Not possible by technological means
      - VAT-Administration: keep your paper invoices for 6 months (after the date of scanning)
      - Example: I scan all my (paper) invoices of 2005 on 20 January 2007 – Keep original paper invoices until 20 June 2007
  20. How to guarantee the integrity?
      - Scanning process: strict conditions
        • Scanning software/configuration without edit/import possibilities
        • Scanning (always) recto/verso - If verso only contains General Terms (scan only once)
        • Keep original colors / Sufficient resolution
      - Unique identification number + date/time on the digital image
      - Immediately secure the digital image (advanced electronic signature or sealing algorithm + WORM)
      - Identification of the person who scans
      - Secure scanning environment (protect access)
      - Possibility for immediate retrieval (e.g. by unique number)
      - Incoming invoices: first terminate the administrative process (or use OCR and keep the data of the administrative process)
      - Back up
      - Document the scanning process (describe company, hardware, software, security measures, etc.)
  21. First method: scanning + advanced electronic signature
      - Scan recto/verso
      - Keep colors
      - Minimum 300 dpi/24bit-colors/JPEG2000
      - Isolated scanning module (no edit/import facility)
      - PDF or TIFF
      - Automatically add unique id-number
      - Add fields with id of operator, login name, date/time of creation, …
      - Immediately secure with digital signature
      - Outsourcing: certificate of outsourcer needed
      - Retrieval using unique id-number of invoice
      - Possibility to combine unique id-number with other identification data (needed to process the result in ERP system)
      - Minimum application: 1 subbook of incoming invoices for minimum 12 months starting 1 January (or start accounting year)
  22. Second method: scanning + sealing algorithm
      - Compose seal: seal of previous invoice, invoice date, invoice number, scanning date, sequential nr, VAT numbers of provider/client, VAT amount, total amount
      - Generate seal (algorithm)
      - Store seal in a separate record with other data
      - Link record with previous record
      - Scan invoice
      - Write seal on the digital image
      - Store result on WORM disk
      - Keep disks on Belgian territory
  23. 4. Information Transport – e-Communications
      - access to communications networks and services
      - interconnection and interoperability
      - network integrity and security
      - radio spectrum allocation
      - universal service
  24. Example: Wholesale Line Rental (WLR)
      - Fact: introduction of competition in the market of “access to the telephone network from a fixed location” is very slow
      - Remedy 1: carrier selection / carrier pre-selection
      - Remedy 2: local loop unbundling
      - Proposed remedy 3 (intermediate): wholesale line rental (doorverkoop van abonnementen)
  25. Convergence
  26. Convergence: Who is competent to regulate “converged” e-communications?
  27. 5. The Information Society
      - e-Health
      - e-Voting
      - e-Business
      - e-Government
      - e-Learning
      - e-Banking
      - e-Justice
      - …
  28. Example: Proposed Directive on Payment Services
      - Europe: harmonisation of strict rules for payment service providers (banks, credit card companies, etc.)
      - New evolution: payment via mobile phone (mobile operator becomes a payment service provider)
      - Example: m-banxafe (Belgium)
      - Discussion: from which stage will we apply the strict rules for payment services to mobile operators?
  29. Conclusion
      - IBBT: close interaction between:
        • Technical & User-Oriented R&D
        • Monitoring the Regulatory Framework for ICT-Applications
  30. IBBT Research Groups
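
The second method on slide 22 (a seal composed from the previous invoice's seal plus the invoice fields, with each record linked to the previous one) can be sketched as below; this is an added example, not part of the original slides. The slides do not name the sealing algorithm, so HMAC-SHA256, the all-zero starting seal, the field names and the sample records are all assumptions.

```python
import hashlib
import hmac

# Field order follows slide 22; the field names themselves are assumptions.
FIELDS = ("invoice_date", "invoice_number", "scanning_date", "sequential_nr",
          "vat_provider", "vat_client", "vat_amount", "total_amount")
GENESIS = "0" * 64  # assumed "previous seal" for the first invoice in the chain


def compute_seal(key, prev_seal, record):
    """Seal = HMAC-SHA256 (assumed algorithm) over previous seal + invoice fields."""
    parts = [prev_seal] + [str(record[f]) for f in FIELDS]
    # Length-prefix every part so adjacent fields cannot be shifted into each other.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal_chain(key, records):
    """Build the stored records, each carrying its own seal and the previous one."""
    chain, prev = [], GENESIS
    for rec in records:
        seal = compute_seal(key, prev, rec)
        chain.append({**rec, "prev_seal": prev, "seal": seal})
        prev = seal
    return chain


def verify_chain(key, chain):
    """Return the index of the first record that fails to verify, or None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        expected = compute_seal(key, prev, rec)
        if rec["prev_seal"] != prev or not hmac.compare_digest(rec["seal"], expected):
            return i
        prev = rec["seal"]
    return None


def sample_records():
    """Constructed sample invoices (not real data)."""
    base = {"scanning_date": "2007-01-20", "vat_provider": "BE0000000001",
            "vat_client": "BE0000000002"}
    rows = [("2005-03-01", "A-101", "21.00", "121.00"),
            ("2005-04-12", "A-102", "42.00", "242.00"),
            ("2005-06-30", "A-103", "10.50", "60.50")]
    return [dict(base, invoice_date=d, invoice_number=n, sequential_nr=i + 1,
                 vat_amount=v, total_amount=t) for i, (d, n, v, t) in enumerate(rows)]
```

Because each seal covers its predecessor, editing a stored amount or removing a record from the middle makes `verify_chain` report the first position where the chain no longer matches.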
