Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Protection of Personal Information Bill 13 February 2013 1.

Published byMariah Snow Modified over 9 years ago

Similar presentations

Presentation on theme: "The Protection of Personal Information Bill 13 February 2013 1."— Presentation transcript:

1 The Protection of Personal Information Bill 13 February 2013 1

2 INTRODUCTION The POPI Bill, developed out of the Open Democracy Bill in 1996 Consumer protection legislation Growth of the information age Growth of credit, banking, insurance, pharmaceutical, direct marketing and health care industries Growth of electronic and technological databases Personal information has become saleable to highest bidder in order to increase sales Data protection legislation; personal info must be processed with privacy of data subject in mind 2

3 BACKGROUND If collection of personal information is allowed, then it has to be regulated to allow for fairness, and effectiveness of such collection and integrity of information Open Democracy Bill Removal of data protection provisions from the Bill by Cabinet Different from PAIA(2 of 2000): Free flow of information POPI regulates the flow of personal information Eight years of research (SALRC) First introduced into Parliament in 2009,adopted 9 th version on September 2012 3

4 OBJECTS OF THE BILL 4

5 DEFINITIONAL ISSUES Personal information’ includes information relating to:  A wide range of personal characteristics - race, gender, sex, marital status, national, ethnic or social origin; colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth, etc.  Educational and medical, financial, criminal, or employment history.  Any identifying number/symbol and contact details (email address, physical address, telephone number etc), location identifier, online identifier, or biometric data.  Opinion information, including views/opinions of another person abut that person;  Private/confidential personal correspondence.  The name of the person (if with other personal information). 5

6 DEFINITIONAL ISSUES ‘Processing’ covers all aspects of the information cycle – including collection, dissemination, and destruction. ‘Record’ is any recorded information, regardless of medium, in the possession of the responsible party including – 6

7 KEY ISSUES Consent, justification and objection 11(3)(a) There is no definition of what constitutes ‘reasonable grounds’ The objection by a data subject should be enough and should not be qualified by ‘reasonable grounds’ Retention and Restriction of Records Chapter 3(14)(1) The Committee should consider placing a time limit on the retention of records. How This ultimately protects data subjects 7

8 KEY ISSUES Notification of security compromises S 21(4)(c),(d) Clause (c)-(d) provides for the publication of the notification when the Regulator. The Committee should consider whether the publication process not affect the right to privacy of a data subject? Correction of Personal Information S 24(2)(a-c) The Committee should consider whether it is appropriate to place time limits on the correction of information applicable to both the Regulator and data subject 8

9 KEY ISSUES Authorisation concerning data subject’s health or sexual life S 32 (1) The Bill proposes exemptions for certain categories of people such as medical professionals, insurance companies and probation institutions or child protection. The Minister and Minister of Correctional Services, pension fund administrators are also excluded. The question that should be considered is whether the exemption should be granted to those companies that in the longer term will benefit or profit from information held by them on data subjects. There are ethics involved in processing the information and should be clarified 9

10 OTHER ISSUES Authorisation concerning data subjects’ criminal behaviour S 33 (1) The processing of information by law enforcement agencies, are exempted. However, clause 33(2) can be considered too wide ranging because it allows pre- emptive data processing if the responsible party for their own lawful purpose, to ‘protect their legitimate interest’. The Committee may want to consider placing a qualification on this clause so that such exemption is within the constitutional boundaries Exemption from information protection principles Chapter 4 S 36 +37 The Regulator may, in the public interest or the data subject’s interest, grant an exemption to authorise the responsible party to process information even if it breaches the principles of information protection. The Committee should consider this clause and weigh it up with the right to privacy 10

11 OFFENCES AND PENALTIES The Bill provides for offences and Penalties Obstruction of Regulator. Breach of confidentiality. Obstruction of execution of warrant. Failure to comply with information/enforcement notices is a criminal offence. Failure of witnesses to attend and give evidence or to produce a book/document or object. Failure to comply with conditions for lawful processing in so far as they relate to the processing of a data subject’s account number. Knowingly or recklessly obtaining or disclosing a data subject’s account number or procuring a data subject’s account number to another party without consent. 11

12 CONCLUSION The Bill provides protection for data subjects in the processing of their information The Committee should ideally consider the positive features of the Bill Propose that the Committee considers support for the Bill after satisfying itself that the all areas that require clarity has been addressed 12

Download ppt "The Protection of Personal Information Bill 13 February 2013 1."

Similar presentations

Family Education Rights & Privacy Act of 1974 FERPA, You, & UC.

Family Education Rights & Privacy Act of 1974 FERPA, You, & UC.
Part 2. QUEENSLAND INTERNATINOAL BUSINESS ACADAMY.

Part 2. QUEENSLAND INTERNATINOAL BUSINESS ACADAMY.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
HIPAA Privacy Rule Training

HIPAA Privacy Rule Training
 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”

 Original Intent: ◦ Act passed in 1996 with two main goals: 1.Ensure individuals would be able to maintain their health insurance between jobs (the “portability”
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.

Christian Vargas. Also known as Data Privacy or Data Protection Is the relationship between collection and spreading or exposing data and information.
© 2012 Morgan Cole LLPExpertise | Experience | Efficiency | Contribution 11th October 2012 Avoiding Data Protection pitfalls when collecting Equality Information.

© 2012 Morgan Cole LLPExpertise | Experience | Efficiency | Contribution 11th October 2012 Avoiding Data Protection pitfalls when collecting Equality Information.
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.

Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.

1 FERPA and Student Privacy in Records of University Research ECURE March 1, 2005 Richard Rainsberger, Ph.D. Consultant, Education Records Law and Privacy.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Challenges for Civil Liberties

Challenges for Civil Liberties
Board Accreditation Education. Anti-Discrimination Policy: Four Villages is committed to ensuring that all staff, students, Board members and volunteers.

Board Accreditation Education. Anti-Discrimination Policy: Four Villages is committed to ensuring that all staff, students, Board members and volunteers.
. South African Airways South African Airways Applications for vacant position required: POSITION:Flight attendant DUTIES:Serve passengers; Ensure flight.

. South African Airways South African Airways Applications for vacant position required: POSITION:Flight attendant DUTIES:Serve passengers; Ensure flight.
Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University 202-687-0880.

Banks and the Privacy of Medical Information 8 th National HIPAA Summit March 8, 2004 Joy Pritts, JD Health Policy Institute Georgetown University
Human Rights and Patient Care Anahit Harutyunyan Armenia.

Human Rights and Patient Care Anahit Harutyunyan Armenia.

Similar presentations

Ads by Google