International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW.

Slides:



Advertisements
Similar presentations
THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
Advertisements

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Red Flag Rules: What they are? & What you need to do
International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
The Data Protection (Jersey) Law 2005.
Data Protection.
Hong Kong Privacy Code on Human Resource Management
Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
The Data Protection Act
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Data Protection for Church of Scotland Congregations
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
HIPAA PRIVACY AND SECURITY AWARENESS.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
DATA PROTECTION & FREEDOM OF INFORMATION. What is the difference between Data Protection & Freedom of Information? The Data Protection Act allows you.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
The Data Protection Act - Confidentiality and Associated Problems.
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Data Protection and Records Management. Key Responsibilities - Record Management Keep Information Accurate Disclose only if compatible with purpose for.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
1 CONFIDENTIALITY. 2 Requirement Under IDEA 34 CFR Sec (c) All staff collecting or using personally identifiable information in public education.
Data Protection for Church of Scotland Congregations.
IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion.
12/12/2015 Data Protection Act /12/2015 The DP Act A law that protects personal privacy and upholds individual’s rights Anyone who handles personal.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
Copyright © 2015 by Saunders, an imprint of Elsevier Inc. All rights reserved. Chapter 3 Privacy, Confidentiality, and Security.
HIPAA: Breach Notification By: Office of University Counsel For: Jefferson IRB Continuing Education September 2014.
Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.
Information Security January What is Information Security?  Information Security is about the physical security of our equipment and networks as.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Data protection—training materials [Name and details of speaker]
Uses of brain imaging data: privacy and governance implications Dr. Hester Ward Medical Director, Information Services Division, (ISD) Consultant in Public.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.
The Data Protection Act 1998
Data protection and data sharing
HIPSSA Project PRESENTATION ON SADC DATA PROTECTION MODEL LAW
Privacy principles Individual written policies
Data Protection The Current Regime
APP entities (organisations)
The Data Protection Act 1998
GENERAL DATA PROTECTION REGULATION (GDPR)
New Data Protection Legislation
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
G.D.P.R General Data Protection Regulations
The new data protection rules
Employee Privacy and Privacy of Employee Information
General Data Protection Regulation
Data Protection principles
HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry and Data Protection Stakeholders.
How we use Your Health Records
Data protection and data sharing
General Data Protection Regulations 2018
Enforcement and Policy Challenges in Health Information Privacy
Understanding Data Protection
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Presentation transcript:

International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW Case Studies on Data Protection Violations Zambia, August 2013 Gertrude Mukuwa National Expert on Data Protection

Summary of the Content International case studies on data protection law violations Reveals the approach of the Data Protection Commissioner/ Authority Reveals how the Data Protection Act and the principles are interpreted

Allianz requesting excessive personal information at quotation stage (Ireland)  The insurance agent asked the potential provide her date of birth and her mother's maiden name for a quote for pet insurance.  The data protection law in Ireland provide that personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or are further processed  Following intervention, Allianz confirmed its intention to cease using its ID verification screen and request for mothers maiden name at quotation stage.

Unlawful use of CCTV to remotely monitor an employee (Ireland)  Complaint to Commissioner - personal privacy was affected in workplace - inappropriate use of CCTV.  Phone calls from the employer allegedly described to him what he had been doing at a particular time.  Employee said that the CCTV system was installed without prior staff notification as to the reason for its installation or its purpose.  Commissioner noted rule that CCTV be proportionate response to risk taking into account of the legitimate privacy and other interests of workers. Furthermore requirement of meeting transparency staff must be informed – Employer ordered to cease use of CCTV.

Credit card transaction – use of details from previous transaction without consent (Ireland)  A customer of a car rental company alleged that the company had used his credit card data – obtained in a previous transaction – to process a disputed charge without his consent, and in spite of his objections to the charge  The specific data protection issue in this case was whether the rental firm obtained and processed the complainant's credit card details fairly, with the appropriate level of consent from the individual.  Commissioner “credit card data obtained for a particular transaction cannot be used subsequently for other transactions without express consent, without violating the ‘fair obtaining’ rule. The principle of transparency and fairness, which are key tenets of data protection law and practice, apply in this area just as in any other”

Bank of Scotland – appropriate and effective security measures (UK)  5 August 2013  A monetary penalty notice has been served to the Bank of Scotland after customers’ account details were repeatedly faxed to the wrong recipients. The information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details.  pounds monetary penalty k-of-scotland-monetary-penalty-notice.pdf

NHS Surrey - appropriate and effective security measures (UK)  12 July 2013  A monetary penalty notice has been served on NHS Surrey following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site. Whilst NHS Surrey has now been dissolved outstanding issues are now being dealt with by the Department of Health.  A member of the public informed the data controller that he had purchased a PC with confidential medical information from a third party company (the “third party company”) via an online auction site. Files contained confidential sensitive personal data and HR records including patient records relating to approximately 900 adults and 2000 children  pounds monetary penalty surrey-monetary-penalty-notice.pdf

Glasgow City Council - appropriate and effective security measures – encryption of laptops (UK)  7 June 2013 A monetary penalty notice has been served to Glasgow City Council, following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people.  pounds penalty sgow-city-council-monetary-penalty-notice.ashx

Concluding Thoughts Case studies reveal the approach of the Data Protection Commissioner/ Authority Reveals how the Data Protection Act and the principles are interpreted Private and public sector, as data controllers, must assess their practices against the requirements of the Act A transition period must be applied in the Bill for organisations to conform their practices Ultimately, it is important that an Authority is established to enforce the Bill and realise data protection safeguards in Zambia

Thank You Questions? Gertrude M. Imbwae National Legal Expert on Data Protection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.