Introduction to corporate security. Teemupekka Virtanen, Helsinki University of Technology, Telecommunication Software and Multimedia Laboratory. 3. Lecture - Legislation. Why legislation is important for an organization and its security
MINISTRY OF SOCIAL AFFAIRS AND HEALTH
Introduction to corporate security
Teemupekka Virtanen
Helsinki University of Technology
Telecommunication Software and Multimedia Laboratory
3. Lecture - Legislation
Why legislation is important for an organization and its security
Some Finnish legislation related to security
Co-operation between an organization and authorities
The level of understanding
Understanding the meaning of legislation in the operations of an organization
Engineers are not lawyers and they should not try to be
A person who for the purpose of favouring a foreign state or damaging Finland procures information on a matter concerning the Finnish defence or other preparation for emergencies, Finland’s foreign relations, State finances, foreign trade or power supplies or another comparable matter involving Finnish national security, and the disclosure of the information to a foreign state can cause damage to the Finnish defence, national security, foreign relations or economy, shall be sentenced for espionage to imprisonment for at least one and at most ten years. (Penal code, 12 sect §5)
A written version of the morals of society
Society requires that there are some rules on how to behave
The rules of co-operation between entities
  Citizens, the state, organizations etc.
A tool to solve conflicts between entities
The content and applications depend on local morals
A word from God
Legislation itself is important
Laws are not followed because they make life easier but because laws must be followed
The form is important, not the meaning
A tool for administrators
Legislation can help keep the current administration
Legislation can be a collection of “good habits”
  Definitions of one generation
  Definitions of one religion
A tool to force other people to follow my ethical decisions
Legislation gives possibilities
The area is regulated by a law
  Viestintämarkkinalaki (396/1997)
A law gives advantages to certain organizations
  Postitoimintalaki (N:o 907/1993)
A law gives possibilities for private organizations
  Laki yksityisistä turvapalveluista (282/2002)
Legislation sets requirements
Organizations must follow the rules of a society
  Penal code (39/89)
  Personal data act (523/1999)
  Laki yksityisyyden suojasta televiestinnässä ja teletoiminnan tietoturvasta (565/1999) (Privacy in communication)
The legislation for specific areas
Legislation gives authority
Legislation gives tools to improve security
  Act on background checks (177/2002)
Immediate crime prevention
  Self-defence (hätävarjelu; Penal Code, chapter 3, §6)
Private guards
  Private security services act (282/2002)
Legislation as a general tool for protection
A punishment will follow if a law is violated
A threat of punishment prevents crimes
In practice, the probability of being caught is more important than the level of punishment
Penal code
Penal code 19.12.1889/39
Originated from 1889 but updated continuously
The most important law for the public
We, Alexander the Third, by the Grace of God Emperor and Autocrat of All Russia, Tsar of Poland, Grand Duke of Finland, etc., etc., etc., make known: upon the humble proposal of the Estates of Finland, We hereby graciously confirm the following Penal Code for the Grand Duchy of Finland, on the entry into force of which, as well as on the enforcement of punishments, a separate decree will be issued
Crimes
Aggravated war crime (578/1995)
Violation of human rights in a state of emergency (578/1995)
Genocide (578/1995)
Breach of the prohibition of biological weapons (17/2003)
Ethnic agitation (578/1995)
Discrimination (578/1995)
Warmongering (578/1995)
Business secret
For the purposes of this chapter, a business secret is defined as a business or professional secret and to other corresponding business information that a businessman keeps secret and the revelation of which would be conducive to causing financial loss to him/her or to another businessman who has entrusted him/her with the information.
Business espionage (769/1990)
A person who unjustifiably obtains information regarding the business secret of another
  by entering an area closed to unauthorised persons or accessing an information system protected against unauthorised persons,
  by gaining possession of or copying a document or other record, or in another comparable manner, or
  by using a special technical device,
with the intention of unjustifiably revealing this secret or unjustifiably utilising it shall be sentenced, unless a more severe penalty for the act is provided elsewhere in the law, for business espionage to a fine or to imprisonment for at most two years.
Violation of a business secret (769/1990)
A person who, in order to gain financial benefit for himself/herself or another, or to injure another, unlawfully discloses the business secret of another or unlawfully utilises such a business secret, having gained knowledge of the secret
  while in the service of another;
  while acting as a member of the administrative board of directors, the managing director, auditor or receiver of a corporation or a foundation or in comparable duties;
  while performing a duty on behalf of another or otherwise in a fiduciary business relationship; or
  in connection with company restructuring proceedings,
shall be sentenced, unless a more severe penalty for the act is provided elsewhere in the law, for violation of a business secret to a fine or to imprisonment for at most two years. (54/1993)
This section does not apply to an act that a person referred to in subsection 1(1) has undertaken after two years has passed since his/her period of service has ended. (61/2003)
Assault (578/1995)
A person who employs physical violence on another or, without such violence, damages the health of another, causes pain to another or renders another unconscious or to a comparable condition, shall be sentenced for assault to a fine or to imprisonment for at most two years. An attempt is punishable.
A person who through negligence inflicts not insignificant bodily injury or illness on another shall be sentenced for negligent bodily injury to a fine or to imprisonment for at most six months.
Negligent homicide (578/1995)
A person who through negligence causes the death of another shall be sentenced for negligent homicide to a fine or to imprisonment for at most two years.
If in the negligent homicide the death of another is caused through gross negligence, and the offence is aggravated also when assessed as a whole, the offender shall be sentenced for grossly negligent homicide to imprisonment for at least four months and at most six years.
Manslaughter and Murder (578/1995)
A person who kills another shall be sentenced for manslaughter to imprisonment for a fixed period of at least eight years. An attempt is punishable.
If the manslaughter is
  premeditated;
  committed in a particularly brutal or cruel manner;
  committed by causing serious danger to the public; or
  committed by killing a public official on duty upholding the peace or public security, or because of an official action;
and the offence is aggravated also when assessed as a whole, the offender shall be sentenced for murder to life imprisonment. An attempt is punishable.
Invasion of public premises (531/2000)
A person who unlawfully
  by force, stealth or deception, enters a public office, business premises, office, production installation, meeting place, other similar premises or another similar building, or the fenced yard of such a building, a barracks area or another area in the use of the armed forces, where movement is restricted by the decision of the competent authority, or
  hides or stays in premises referred to in subparagraph (1)
shall be sentenced for an invasion of public premises to a fine or to imprisonment for at most six months.
However, an act that has caused only a minor disturbance does not constitute an invasion of public premises.
Theft and Embezzlement (769/1990)
A person who appropriates movable property from the possession of another shall be sentenced for theft to a fine or to imprisonment for at most one year and six months. An attempt is punishable.
A person who appropriates the assets or other movable property of another which are in the possession of the offender shall be sentenced for embezzlement to a fine or to imprisonment for at most one year and six months.
Personal Data Act
22.4.1999/523
The objectives of this Act are to implement, in the processing of personal data, the protection of private life and the other basic rights which safeguard the right to privacy, as well as to promote the development of and compliance with good processing practice.
Personal data
personal data means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household;
Any piece of information that can be connected to a person
  E-mail
  Computer logs
  Video surveillance tape
Processing of personal data
Processing of personal data means the collection, recording, organisation, use, transfer, disclosure, storage, manipulation, combination, protection, deletion and erasure of personal data, as well as other measures directed at personal data;
The requirements for processing
the data subject has unambiguously consented to the same;
there is a relevant connection between the data subject and the operations of the controller, based on the data subject being a client or member of, or in the service of, the controller or on a comparable relationship between the two
Principles relating to data quality
The personal data processed must be necessary for the declared purpose of the processing (necessity requirement).
The controller shall see to it that no erroneous, incomplete or obsolete data are processed (accuracy requirement). This duty of the controller shall be assessed in the light of the purpose of the personal data and the effect of the processing on the protection of the privacy of the data subject.
Data security
The controller shall carry out the technical and organisational measures necessary for securing personal data against unauthorised access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. The techniques available, the associated costs, the quality, quantity and age of the data, as well as the significance of the processing to the protection of privacy shall be taken into account when carrying out the measures.
Remarks about the Personal Data Act
Personal data can be collected and processed if there is a reasonable connection
Only such information can be collected which is necessary for the reasonable connection
The collection, content and usage must be designed beforehand
The information must be correct
The information must be protected
When the connection ends the information must be deleted
Act on the Protection of Privacy in Working Life (759/2004)
The employer is only allowed to process personal data directly necessary for the employee’s employment relationship.
The employer shall collect personal data about the employee primarily from the employee him/herself. In order to collect personal data from elsewhere, the employer must obtain the consent of the employee.
The employer shall notify the employee in advance that data on the latter is to be collected in order to establish his/her reliability.
The employer is not permitted to require the employee to take part in genetic testing during recruitment or during the employment relationship, and has no right to know whether or not the employee has ever taken part in such testing.
Act on the Protection of Privacy in Working Life (759/2004)
The employer may operate a system of continuous surveillance within his premises based on the use of technical equipment which transmits or records images (camera surveillance) for the purpose of ensuring the personal security of employees and other persons on the premises, protecting property or supervising the proper operation of production processes, and for preventing or investigating situations that endanger safety, property or the production process.
Camera surveillance may not, however, be used for the surveillance of a particular employee or particular employees in the workplace. Neither may camera surveillance be used in lavatories, changing rooms or other similar places, in other staff facilities or in work rooms designated for the personal use of employees.
Organization and authorities
Authorities are important for organizations
  Permissions and authorizations
  Inspection
  Advice
  Crime prevention
  Crime solving
Security and safety related authorities
Police
  Crime prevention
  Plans for security
  Crime solving
Public safety authorities
  Safety plans
  Inspections
  Fire fighting
  Solving reasons
Contacts
Contacts are useful in normal situations, too
It is good to have a contact person
Authorities can participate in planning phase
Communication can be unofficial
If something happens
Find out what is happening
Prevent the escalation
Leave the solving to the authorities
Re-build what is needed
Prevent such an incident in the future