Protection of Personal Information Act An Analysis on the impact.


1 Protection of Personal Information Act An Analysis on the impact

2 History of the formation and necessity of the Act

3 Various versions of the Bill were published, and on the 26th of November 2013 it was signed into law by the President. In line with:
− European Data Protection Directive of 1995;
− United States Safe Harbour Rules;
− Australian Data Privacy Principles; and
− Indian Technology Rules.

4 Definitions
Consent means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of Personal Information.
Data Subject is the person to whom Personal Information applies.
Personal Information is information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person or legal entity, such as race, gender, marital status, religion, education, employment history, biometric information, medical information, views or opinions of another about the person and the name of the person if disclosure thereof would reveal information about that person.

5 Processing is any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
− The collection, recording, collation, storage, updating, modification, retrieval, alteration, consultation or use;
− Dissemination by means of transmission, distribution or making available in any other form; or
− Merging, linking, as well as restriction, degradation, erasure or destruction of Personal Information.
Responsible Party is a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information.

6 Data Protection Conditions
1. Accountability
2. Processing Limitation
3. Purpose Specification
4. Further Processing Limitation
5. Information Quality
6. Openness
7. Security Safeguards
8. Data Subject Participation

7 Accountability
The Responsible Party must ensure that all the provisions in the Act relating to the processing of Personal Information are complied with. Even if a function is outsourced, it remains the responsibility of the Responsible Party.

8 Processing Limitation
There are four categories of limitations:
− Lawfulness: Methods used to process data may not infringe on the privacy of the Data Subject.
− Minimality: Personal information may only be processed if it is relevant and not excessive for the purpose.
− Consent: Adequate and can be withdrawn.
− Collection Directly from Data Subject: unless Subject consented, made it public or the collection would not prejudice a right.

9 Purpose Specification
Personal Information must be processed for a specific, defined and lawful purpose related to a function of the Responsible Party. If there is no intention to use the information for a specific purpose, the Personal Information should not be collected.

10 Further Processing Limitation
Further processing must be in accordance with the same purpose for which it was collected. To establish if it meets the requirements the Responsible Party should assess:
− Relationship between original and extended purpose;
− Consequences for the Data Subject;
− Manner in which it was collected; and
− Any contractual obligation between the parties.

11 Information Quality
The Responsible Party must take reasonably practical steps to ensure that the Personal Information is:
− Complete;
− Accurate;
− Not misleading; and
− Updated as and when required.

12 Openness
The Data Subject must be informed when:
− The Personal Information is collected; and
− If the Responsible Party intends transferring it to a third country and the level of protection in such country.
If Personal Information is collected the Responsible Party must take reasonable steps to ensure that the Data Subject is aware of:
− The source if not collected directly from the subject;
− The name and address of the Responsible Party;
− The purpose for which the information is collected; and
− If the supply of information is voluntary.

13 Security Safeguards
The Responsible Party must secure the integrity and confidentiality of the information in its possession. Security measures include firewalls, encryption, device security as well as policies and processes according to ISO standards. The Responsible Party must ensure that third parties offer the same security functions.

14 Data Subject Participation
A Responsible Party must afford Data Subjects the following rights:
− To confirm if the Responsible Party holds Personal Information about the Data Subject;
− To provide a description thereof; and
− To be given the opportunity to correct such information.
Further limitations apply to the processing of Personal Information relating to children.
Explicit consent must be given to engage in Direct Marketing and various measures exist to ensure the Data Subject can withdraw its consent.

15 Applying for exemption (s37)
A Responsible Party may apply to the Regulator for exemption if:
− The public interest of the processing outweighs, to a substantial degree, the interference with the Data Subject’s rights to privacy; or
− The processing involves a clear benefit to the Data Subject or a third party that outweighs, to a substantial degree, the infringement.

16 Public interest includes:
− Interest of national security;
− Prevention of offences;
− Fostering compliance with legal provisions;
− Economic interests of a public body;
− Historical, statistical or research activity; and
− Special importance related to the freedom of expression.

17 Summary
− PAIA Manual is approved and implemented
− Regulator is in process of formation
− Exemption to be applied for
− Ethics Committee requirements sufficient

