Flujo de procesamiento NLP

Terms and Definitions:

The following key definitions have been taken from Directives 95/46/EC, 2002/21/EC and 2006/24/EC and are used throughout this document. This is designed to act as a quick reference point when interpreting data protection jargon used in the various Directives.

Controller

• – The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Data Subject

• – A living individual who is the subject of the data.

EEA State

• – A state that is a contracting party to the Agreement on the European Economic Area signed at Oporto on May 2, 1992, as adjusted by the Protocol signed at Brussels on March 17, 1993.

Electronic mail

• – Any text, voice, sound or image message sent over a public communications network, which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient.

Personal data

• – Any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

Processing of personal data (“Processing”)

• – Any operation or set of operations that is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or com-bination, blocking, erasure or destruction.

Processor

• – A natural or legal person, public authority, agency or any other body who/that processes personal data on behalf of the controller.

Recipient

• – In relation to any personal data, any person to whom the data are disclosed, including any person (such as an employee or agent of the data controller, a data processor or an employee or agent of a data processor) to whom they are disclosed in the course of processing the data for the data controller, but does not include any person to whom disclosure is or may be made as a result of, or with a view to, a particular inquiry by or on behalf of that person made in the exercise of any power conferred by law.

Registered company

• – A company registered under the enactments relating to companies for the time being in force in the United Kingdom.

Telephone service

• – Calls (including voice, voice mail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multimedia services (including short message services, enhanced media services and multimedia services).

The data subject’s consent

• – Any freely given, specific and informed indication of his or her wishes by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

http://www.protiviti.com http://www.pillsburylaw.com http://europa.eu

http://www.ico.gov.uk/

http://www.opsi.gov.uk/

http://www.dutchdpa.nl http://www.cbpweb.nl

http://www.garanteprivacy.it/garante/navig/jsp/index.jsp http://www.privireal.org

http://www.export.gov/safeharbor/eg_main_018236.asp http://www.access.gpo.gov/congress/house

http://banking.senate.gov/conf/

http://epic.org/privacy/glba/

http://www.ftc.gov/bcp/edu/pubs/business/idtheft/bus53.shtm http://www.ftc.gov/privacy/glbact/glb-faq.htm

http://www.hipaa.org/

http://cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm http://www.hipaa.com/

Pillsbury Winthrop Shaw Pittman LLP is a full-service law firm with market-leading strengths in the energy, financial services, real estate and technology sectors. With offices in the world’s major financial and technology centers, we counsel clients on all aspects of global transactions and litigation. Our multidisciplinary teams allow us to anticipate trends and offer a 360-degree perspective on complex business and legal issues—helping clients take greater advantage of opportunities and better mitigate risk.

The firm’s multidisciplinary Privacy & Data Protection practice provides counsel and services on the gamut of legal issues and litigation relating to privacy, data collection, information security and information management. Two of the firm’s attorneys, Deborah Thoren-Peden and Wayne Matus, are recognized in Chambers USA 2009 and Chambers Global 2010 as leading attorneys in privacy and e-discovery, respectively. Pillsbury’s privacy team drafts, implements and revises privacy and security policies related to customer, employee and vendor information; provides training on policies and procedures; prepares appropriate contract provisions; handles a broad range of privacy-related disputes and litigation;

and assists companies both when a security breach occurs and to prepare for handling such an occurrence. When clients are engaged in marketing, outsourcing, data modeling or joint ventures, the team guides them on the privacy issues these activities may raise.

The team also works in close collaboration with related firm practices such as Communications, where we counsel on privacy issues arising under the Communications Act and subject to the jurisdiction of the Federal Communication Commission, and Global Sourcing, where we advise on restrictions and requirements for outsourcing arrangements with domestic and international service providers.

Pillsbury continuously provides our clients and other members of the privacy industry with complimentary updates in the form of client alerts and articles, as well as speaking engagements and comments to the media on new privacy developments. In 2009, the practice’s attorneys spoke at a number of important conferences including the Information Systems Audit and Control Association (ISACA); the Association of Corporate Counsel (ACC); the Knowledge Congress;

and the California Bankers Association. We have also prepared numerous client alerts and written articles and chapters in privacy treatises.

For more information about Pillsbury’s Privacy & Data Protection practice, please go to www.pillsburylaw.com or contact:

Rafi Azim-Khan +44.20.7847.9519

[email protected] Gerry Hinkley

+415.983.1135

[email protected] Wayne Matus

+212.858.1774

[email protected]

Catherine Meyer +213.488.7362

[email protected] John Nicholson

+202.663.8269

[email protected] Deborah Thoren-Peden

+213.488.7320

[email protected]

Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. We help solve problems in finance and transactions, operations, technology, litigation, governance, risk, and compliance. Our highly trained, results-oriented professionals provide a unique per-spective on a wide range of critical business issues for clients in the Americas, Asia-Pacific, Europe and the Middle East.

Protiviti has more than 60 locations worldwide and is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

About Protiviti’s Privacy and Security Management Practice

Protiviti’s Privacy and Security Management practice includes compliance executives, former regulators and information technology specialists with deep credentials in developing, implementing, and executing world-class Privacy programs for companies of all sizes across industries and geographies. We understand the unique challenges associated with aligning business objectives, compliance requirements, and technology constraints, and offer proven, practical insights to manage these challenges.

Our services include:

Designing and executing global Data Privacy Improvement Programs including Data Privacy inventories, Privacy

•

impact and risk assessments and Privacy compliance audits

Developing Information Security risk assessment frameworks, written compliance programs, Board reporting

•

strategies and templates, and independent testing plans

Assisting companies to implement new or revised Privacy requirements imposed by law or regulation, including U.S.

•

requirements, EU Data Protection Directives, and establishing Safe Harbor and/or Binding Corporate Rules (BCR) programs

Enhancing the effectiveness of identity management approaches to improve privileged access to information

•

Helping clients improve the effectiveness of their Data Governance programs by assessing the lifecycle of data

•

management, covering areas as data usage, quality, integrity, Privacy, and effective records and discovery risk management

Developing breach response programs, and assisting in the investigation and resolution of actual Security and

•

Privacy breaches

Executing Security and Privacy vulnerability assessments to test controls in place to maintain compliance, and

•

improve the strength of the technology infrastructures supporting the enterprise

For more information about Protiviti’s Privacy and Security Management capabilities, please contact:

Carol Beaumier +212.603.8337

[email protected] Mike Brauneis

+312.476.6327

[email protected] Hernan Gabrieli

+39.02.6550.6301

[email protected]

Ryan Rubin +44.207.389.0436 [email protected] Cal Slemp

+203.905.2926 [email protected]

www.pillsburylaw.com

© 2010 Pillsbury Winthrop Shaw Pittman LLP.

All rights reserved.

www.protiviti.com

© 2010 Protiviti Inc.

An Equal Opportunity Employer.