As in previous years, the start of 2012 sees the entry into force of a great many new laws and ordinances. These also include a whole range of regulations relevant for the ICT field.
The Federal Information Technology Ordinance (FITO) has been completely revised. The responsibilities for information and communication technology in the federal administration have been reorganized. Overall strategic responsibility for the use of ICT will in future lie with the Federal Council. The Federal Strategy Unit for Information Technology (FSUIT) has been renamed the Federal IT Steering Unit (FITSU) and has been given additional competencies at operational level, including, for example, the adoption of ICT standards in the areas designated by the Federal Council; it is also responsible for central management of standard services. At the same time the Federal IT Council (FITC) and the Information Security Committee are being transformed into purely consultative bodies of the FSUIT.
The ordinance on the surveillance of post and telecommunications traffic (VÜPF) has also been fundamentally revised. The main purpose of the VÜPF revision was to create the necessary statutory basis for the monitoring of internet traffic processed via internet access providers. The revision also concerns some important clarifications regarding the surveillance of telephony, e.g. concerning Voice over IP (VoIP), searching by MBS and interception of calls from foreign numbers.
The Council of Europe Convention on Cybercrime became effective for Switzerland at the start of 2012. The Convention contains uniform standards for the Member States concerning computer crimes (computer fraud, data theft, etc.), child pornography and copyright infringements on the internet, the collection and preservation of evidence in electronic data, and cross-border cooperation between authorities of the contracting states. In order to fulfil the requirements of the Convention, the provisions in the Swiss Penal Code that relate to hacking have been adapted. In addition, a facility has been created in the law on international mutual legal assistance that allows traffic data from the monitoring of telecommunications traffic to be forwarded to the requesting foreign authorities even before the conclusion of the mutual legal assistance proceedings.
The provisions of the Health Insurance Act (KVG) governing a fundamental reorganization of hospital financing became effective on 1.1.2012. In particular, the flat-rate tariff system SwissDRG (DRG = Diagnosis Related Groups) is used for the remuneration of hospital services. The new service accounting system, of course, also necessitates appropriate adaptations relating to the underlying IT systems. However, the negotiations between hospitals and health insurers for setting the tariff levels have not yet been completed, and therefore the cantons have provided provisional tariffs for 2012 to enable the hospitals to issue invoices in order to remain solvent until definitive tariffs become effective.
However, there are even more innovations to be seen in the area of health insurance. For example, under the new arrangements relating to balance of risk between health insurers, which also entered into force on 1.1.2012, health insurers are now obliged, inter alia, to present the data processing policies that they must draw up under the Federal Act on Data Protection (FADP) in connection with the electronic processing of personal data to the Federal Data Protection and Information Commissioner (FDPIC) for assessment, and to publicize their policies. The latter, however, is not entirely without problems: data processing policies, as governed by the data protection legislation, are by their very nature internal company documents containing information which a company would not normally publish for reasons of security and confidentiality, in order to prevent this information being misused by third parties, e.g. for phishing attacks or for unwanted intrusions into the company’s systems. It is therefore necessary, when drawing up data processing policies, to find a reasonable compromise between the statutory publication requirement and the justified interest in maintaining secrecy of sensitive documents. We will be happy to assist you with this.