The Protection of Personal Information Bill 13 February 2013

Presentation transcript:


INTRODUCTION
- The POPI Bill, developed out of the Open Democracy Bill in 1996
- Consumer protection legislation
- Growth of the information age
- Growth of credit, banking, insurance, pharmaceutical, direct marketing and health care industries
- Growth of electronic and technological databases
- Personal information has become saleable to highest bidder in order to increase sales
- Data protection legislation; personal info must be processed with privacy of data subject in mind

BACKGROUND
- If collection of personal information is allowed, then it has to be regulated to allow for fairness, and effectiveness of such collection and integrity of information
- Open Democracy Bill
- Removal of data protection provisions from the Bill by Cabinet
- Different from PAIA (2 of 2000): Free flow of information
- POPI regulates the flow of personal information
- Eight years of research (SALRC)
- First introduced into Parliament in 2009, adopted 9th version on September

OBJECTS OF THE BILL

DEFINITIONAL ISSUES
‘Personal information’ includes information relating to:
- A wide range of personal characteristics - race, gender, sex, marital status, national, ethnic or social origin; colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth, etc.
- Educational and medical, financial, criminal, or employment history.
- Any identifying number/symbol and contact details (address, physical address, telephone number etc), location identifier, online identifier, or biometric data.
- Opinion information, including views/opinions of another person about that person;
- Private/confidential personal correspondence.
- The name of the person (if with other personal information).

DEFINITIONAL ISSUES
- ‘Processing’ covers all aspects of the information cycle – including collection, dissemination, and destruction.
- ‘Record’ is any recorded information, regardless of medium, in the possession of the responsible party including –

KEY ISSUES
Consent, justification and objection 11(3)(a)
- There is no definition of what constitutes ‘reasonable grounds’
- The objection by a data subject should be enough and should not be qualified by ‘reasonable grounds’
Retention and Restriction of Records Chapter 3(14)(1)
- The Committee should consider placing a time limit on the retention of records. How This ultimately protects data subjects

KEY ISSUES
Notification of security compromises S 21(4)(c),(d)
- Clause (c)-(d) provides for the publication of the notification when the Regulator.
- The Committee should consider whether the publication process does not affect the right to privacy of a data subject.
Correction of Personal Information S 24(2)(a-c)
- The Committee should consider whether it is appropriate to place time limits on the correction of information applicable to both the Regulator and data subject

KEY ISSUES
Authorisation concerning data subject’s health or sexual life S 32 (1)
- The Bill proposes exemptions for certain categories of people such as medical professionals, insurance companies and probation institutions or child protection.
- The Minister and Minister of Correctional Services, pension fund administrators are also excluded.
- The question that should be considered is whether the exemption should be granted to those companies that in the longer term will benefit or profit from information held by them on data subjects.
- There are ethics involved in processing the information and these should be clarified

OTHER ISSUES
Authorisation concerning data subjects’ criminal behaviour S 33 (1)
- The processing of information by law enforcement agencies is exempted.
- However, clause 33(2) can be considered too wide ranging because it allows pre-emptive data processing if the responsible party does so for their own lawful purpose, to ‘protect their legitimate interest’.
- The Committee may want to consider placing a qualification on this clause so that such exemption is within the constitutional boundaries
Exemption from information protection principles Chapter 4 S
- The Regulator may, in the public interest or the data subject’s interest, grant an exemption to authorise the responsible party to process information even if it breaches the principles of information protection.
- The Committee should consider this clause and weigh it up with the right to privacy

OFFENCES AND PENALTIES
The Bill provides for offences and penalties:
- Obstruction of Regulator.
- Breach of confidentiality.
- Obstruction of execution of warrant.
- Failure to comply with information/enforcement notices is a criminal offence.
- Failure of witnesses to attend and give evidence or to produce a book/document or object.
- Failure to comply with conditions for lawful processing in so far as they relate to the processing of a data subject’s account number.
- Knowingly or recklessly obtaining or disclosing a data subject’s account number or procuring a data subject’s account number to another party without consent.

CONCLUSION
- The Bill provides protection for data subjects in the processing of their information
- The Committee should ideally consider the positive features of the Bill
- Propose that the Committee considers support for the Bill after satisfying itself that all areas that require clarity have been addressed