Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL,

Slides:



Advertisements
Similar presentations
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Advertisements

CHAPTER 4 E-ENVIRONMENT
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
The Data Protection (Jersey) Law 2005.
OHT 4.1 © Marketing Insights Limited 2004 Chapter 4 E-environment.
ELECTRONIC BUSINESS ENVIRONMENT. Learning objectives Identify the different elements of the e-environment that impact on an organisation’s e-business.
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Data Protection and Records Management
E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR.
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Lecture to Carleton University, Center for European Studies, December 1, 2010.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
NCA guide for businesses Selling via a website An overview of the key rules if you sell online to consumers.
Standards and Guidelines for Web Page Publishing December 9, 2009.
Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.
Chapter 5 E-environment
2 Private versus public. 2 Lesson objectives By the end of the session, you will: understand how you might unintentionally disclose personal data; define.
13 July 2006Susan Joseph Health Privacy It’s My Business Health Records Act 2001 (Vic) eReferral Service Co-ordination System.
Care.Data an ICO Update EMIS National User Group Conference East Midlands Conference Centre Nottingham 3 rd October 2013 Lynne Shackley Lead Policy Officer.
6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
7-Oct-15 Threat on personal data Let the user be aware Privacy and protection.
1 Office of the Privacy Commissioner for Personal Data Hong Kong SAR Tony LAM Deputy Privacy Commissioner for Personal Data Asian Personal Data Privacy.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
What is personal data? Personal data is data about an individual which they consider to be private.
Building Trust in the Online Environment: Business to Consumer Dispute Resolution Joint OECD, HCOPIL, ICC Conference The Hague, December 2000 Session.
The Competition Bureau Experience BUILDING TRUST IN THE ONLINE ENVIRONMENT: BUSINESS TO CONSUMER DISPUTE RESOLUTION JOINT CONFERENCE OF THE OECD, HCOPIL,
Data protection This means ensuring that stored data does not get changed, removed or accessed accidentally or by unauthorised people. Data can be corrupted,
E-Business Project - Strategy Carl Arrowsmith
Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.
1 Office of the Privacy Commissioner for Personal Data Hong Kong SAR Tony LAM Deputy Privacy Commissioner for Personal Data Briefing to Asian Data Privacy.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
DATA ACCURACY- one of the issues of computer ethics. Providing inaccurate data input results in erroneous information & decision making. Information on.
Personal data protection in research projects
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
DATA PROTECTION ACT DATA PROTECTION ACT  Gives rights to data subjects (i.e. people who have data stored about them on a computer)  Information.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Data protection—training materials [Name and details of speaker]
Understanding Privacy An Overview of our Responsibilities.
Understanding Privacy An Overview of our Responsibilities.
The Data Protection Act 1998
CISI – Financial Products, Markets & Services
Privacy principles Individual written policies
Data Protection: EU & International
APP entities (organisations)
The Data Protection Act 1998
New Data Protection Legislation
G.D.P.R General Data Protection Regulations
Data Protection principles
OECD Guidelines Collection Limitation: should be limited to personal data, obtained by lawful and fair means, and (where appropriate) with knowledge and.
Identify the laws and guidelines that affect day-to-day use of IT.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004
Hot Topic 1: GDPR and Traffic Data Systems
Presentation transcript:

Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL, ICC “Building Trust in the Online Environment: Business to Consumer Dispute Resolution” The Crowne Plaza Promenade Hotel The Hague, The Netherlands December

Electronic Commerce Consumer TRUST & CONFIDENCE Identity of suppliers? Integrity of information? Electronic contract? Payment reliability? Errors/frauds? DATA PRIVACY? 2

Forrester Research, October 1999, US 90% of online consumers want to have control over how their personal data is used once it has been collected two out of three people say that they have reservations about giving out personal information online consumers who have moderate privacy concerns spend 21% less online than those who have less than moderate concerns 3

4

5

The basic premise is “What is illegal off-line is also illegal on-line” 6

Personal Data (Privacy) Ordinance Data Protection Principles Principle 1 - Purpose and manner of collection - this provides for the lawful and fair collection of personal data and sets out the information a data user must give to a data subject when collecting personal data from the subject. Principle 2 - Accuracy and duration of retention - this provides that personal data should be accurate, up-to- date and kept no longer than necessary. 7

Personal Data (Privacy) Ordinance Data Protection Principles Principle 3 - Use of personal data - this provides that unless the data subject gives consent otherwise personal data should be used for the purposes for which they were collected or a directly related purpose. Principle 4 - Security of personal data - this requires appropriate security measures to be applied to personal data (including data in a form in which access to or processing of the data is not practicable). 8

Personal Data (Privacy) Ordinance Data Protection Principles Principle 5 - Information to be generally available - this provides for openness by data users about the kinds of personal data they hold and the main purposes for which personal data are used. Principle 6 - Access to personal data - this provides for data subjects to have rights of access to and correction of their personal data. 9

Data Privacy Issues on Internet no personal information collection (PIC) statement with on- line data collection by websites no display of data privacy policy statement with websites data collection without consent ( address, cookies, etc.) unfair collection (e.g. from children) interception of data during transmission use of data different from original purpose of collection security of data held in websites spamming identity theft 10

Sample Survey of Hong Kong - Based Web Sites Conducted between July to October 1998 Visited 531 sites from both public and private sectors 11

Objectives To assess the extent to which Hong Kong-based web sites are operated in a manner that meets: -the requirements of the Personal Data (Privacy) Ordinance -standards of good and reasonable personal information handling 12

Provision of Personal Information Collection (PIC) Statement 339 sites had personal data collection forms 13

Provision of Privacy Policy Statement Only 21 sites had Privacy Policy Statements 14

Results of Compliance Check Exercise 59 sites (25%) of 236 sites which have online personal data collection form displayed a PPS 15

Results of Compliance Check Exercise 220 sites (93%) of the 236 sites which have online personal data collection forms displayed a PICS Formal investigations being carried out into 16 sites (7%) 236 sites have online personal data collection forms 339 sites had online personal data collection forms 16

Guidelines on the Protection of Personal Data Privacy on the Internet “Internet Surfing with Privacy in Mind” - A Guide for Individual Net users “Personal Data Privacy and the Internet” - A Guide for Data Users “Preparing On-line - Personal Information Collection Statements and Privacy Policy Statements” 17

Launching in 2001 A Series on “E-Privacy” 18

Privacy Commissioner for Personal Data Hong Kong Website: Hotline: (852) `19