ONLINE PRIVACY & DATA PROTECTION VERINE ETSEBETH.



- INTRODUCTION
- TRADITIONAL VERSUS ONLINE DATA PROTECTION

“We leave data everywhere we go”
“What happens to our data happens to ourselves”
“Who controls our data controls our lives”

- CHALLENGES FACING ONLINE DATA PROTECTION
- INTERNATIONAL LEGISLATIVE DEVELOPMENTS IN RESPONSE TO ONLINE PRIVACY CONCERNS
- Individual country response:
  1. EU
  2. UK
  3. CANADA
  4. AUSTRALIA
  5. USA

ESSENTIAL MEASURES INTRODUCED BY COUNTRIES:
1. Consent requirement mechanism
2. Access requirement mechanism
3. Onward transfer provisions
4. Notice requirement mechanism
5. Information security mechanism
6. Spam regulation

- Importance of online privacy
- Physical world privacy vs. online privacy
- Past: personal information kept under lock & key in offices
- Now: electronically available, anywhere, anytime, anyplace
- Problem: (1) electronic data is easily transferable; (2) businesses share information indiscriminately
- Solution to the problem = Legislature introduced PROTECTION OF PERSONAL INFORMATION BILL (PPI Bill)

Natural persons & juristic persons
- Natural person: individual (any individual)
- Juristic person: business entity (any business entity). For example:
  - Close Corporations
  - Private & Public Companies
  - Partnerships
  - Businesses that have been incorporated

Personal information: information about an identifiable person, e.g.:
- gender, religion, race, etc.
- fingerprints, blood type (DNA)
- medical records

- Data subject: the person who provides information about himself/herself
- Data controller: the person who collects, processes, stores and uses information
- Third party: person to whom data is disclosed

- SA does not have separate legislation dealing exclusively with privacy protection
- Applicable law is fragmented
- Mirrors the EU Data Protection Directive

- The data controller must disclose to the data subject the purpose(s) for which it is going to use the collected information
- Purpose must be stated with a relative degree of certainty
- Purpose may not be defined in general, vague terms

- Before the data controller will be entitled to collect, use or process any personal information, it must obtain the prior written consent from the data subject to do so
- Consent requirement = key feature of PPI Bill
- Without consent, no data that might have been collected may be used in any manner
- Unlawful usage can result in huge fines & possibility of imprisonment

- Data controller must ensure that data which is collected is accurate, current and up-to-date
- Two token identification generally required in SA

- When collecting, using and/or processing the personal information, the data controller must at all relevant times inform the data subject of his/her rights
- This would entail informing the data subject EXACTLY which statutes protect him/her & what remedies are available to him/her if they feel their rights have been violated

- A data controller may not retain the personal information collected for any period longer than is necessary for the stated purpose
- The period for which the data controller decides to retain the information must therefore be reasonable & justifiable
- KEY QUESTION = can you motivate why you are still retaining the data collected to a court of law?
- Position in America

- A data controller must destroy any collected information that is no longer needed or used by them
- Destruction ≠ deletion

8. CROSS-BORDER TRANSFER OF INFO

Data controller must take adequate security measures to protect the confidentiality, integrity and availability of the information (CIA)
- Confidentiality: no unauthorised persons should be permitted to view the information
  - encryption and cryptography
- Integrity: no unauthorised person may alter the information
  - encryption and digital signatures
- Availability: information must be readily available on demand
  - digital signatures & PKI

Any questions?