PROTECTION OF PERSONAL INFORMATION BILL
                 (09) 2009




 SEPTEMBER 2009
Content
     •   Overview: Timetable, aim
     •   9 principles
     •   Exceptions and special provisions
     •   Automatic electronic communications
     •   Consent/purpose
     •   The Regulator
     •   Codes of conduct
     •   Table of content of the Bill
     •   Conclusion
Timetable for introduction of PPI
Bill (09) of 2009 was tabled in August to Parliament by Cabinet.

• It will now go through the Parliamentary process: hearings before the
  National Assembly portfolio committee.

• Could be signed by the President first half of 2010.

• It will then take another year before the start of its implementation,
  including the drafting of regulations, the setting up of a National
  Information Regulator's office and other support structures.

So there is time for all businesses to prepare their operations and minimize
the impact of the legislation.
The aim of PPI
• To give effect to the constitutional right to privacy
• To regulate the manner of collection, usage, processing, retention and
  deletion of personal information
• A statutory regulatory agency to be established, information
  commissioner: to register, monitor, regulate, educate and prosecute the
  offences
• To endorse codes of conduct to make industry sectors self-regulated
• To fall in line with international standards for trans border data flow

The law applies to all private and public bodies who handle personal
information.
9 principles in PPI Bill
Personal information must be:
• Obtained fairly and lawfully and disclosing the purpose (purpose
   driven) and used only for the original specified purpose
• Adequate, relevant and not excessive to purpose
• Get consent as far as it is practical and offer an opt-out option (consent)
• In some cases opt-in will be mandatory
• Accurate and up to date and delete if requested (control)
• Accessible to the subject
• Kept securely and destroyed after its purpose is completed
• The responsible party has an obligation to comply with all principles
• Trans borders compliance
There are exclusions and exemptions for each principle and for certain
   circumstances.
1. Accountability
 • Designate a staff manager to be responsible for adherence to privacy
   principles throughout the company

 • Draft a company privacy principles code to be used by all departments

 • Train all staff affected

 • Subscribe to an industry code, advise and scrutinize

 • Register with Information Regulator
2. Disclosure
   When gathering data from individual consumers marketers shall advise
       them of:

   1.   What information is being collected
   2.   How the information will be used
   3.   Record their consent

   When acquiring a list from another organization, marketers must ensure that
       consent was obtained for such usage
3. Controlling the use of information (purpose)

 • The purpose for which information is collected shall be identified
   before the time of collection

 • The collection shall be limited to what is necessary as identified by the
   company

 • All involved in the use, transfer, rental, sale or exchange of data must
   be aware of the exact nature of the list's intended usage
4. Safe storage of information of customers


• All those involved in the use, transfer, rental, sale or exchange of
  mailing lists should agree to be responsible for the protection of data
  and take appropriate measures to ensure against unauthorized access,
  alteration or dissemination of list data
5. Respect for confidential and sensitive
   information

 • List owners and users must be protective of consumers' rights to
   privacy of sensitive information like religion, health and sex life, race,
   political persuasion and criminal behavior, and positive consent will
   have to be obtained (some industry exceptions)
6. Give consumers control of usage of information

 • Make reasonable efforts to provide consumers with their own personal
   information on request

 • The marketer must remove the consumer's name from all internal lists
   or rental to third parties at the request of the consumer at any time of
   such request

 • The marketer must amend any personal information at the request of
   the consumer or when aware of changes to the data. There is a duty of
   accuracy in keeping the information (present requirement of PAIA of
   2000)
7. Security safeguards

 • Ensure the integrity of personal information and prevent unlawful access

 • Information processed by person acting under authority of responsible
   party

 • Security measures in place

 • Notification of security compromises to regulator and data subjects
8. Information no longer required


 • Formal guidelines and implementation procedure guidelines must be
   developed to ensure safe destruction or disposal of personal information
   no longer required.
Exceptions and special provisions
    Note: Public Domain is excluded
•     Separate provision has been made for the protection of special (sensitive)
      personal information like religion, health and sex life, race, political persuasion
      and criminal behavior.

•     Section 66 regulates unsolicited electronic communications, subjecting
      them to "opt-in" conditions (except for present customers)

•     Section 67 regulates the compilation and use of directories, and Section 68
      automated decision making

•     Deals with the privacy and advertising to children.
PPI: E-mail, SMS, Fax, automatic dialing
machines offers
• Section 66 mandates that consent is obtained before contacting new
  consumers by e-mail, SMS or automatic dialing machines: an opt-in
  requirement (spam protection).

• Does not apply to telemarketing

• Positive consent does not apply for existing customers

• ECT Act to be reviewed
“Consent”, “purpose” and usage
•   “Purpose” for collection and usage must be disclosed up front

•   “Consent” means any freely given, specific and informed expression of will
    where data subjects agree to the purpose of usage and processing of personal
    information

•   An “opt-out” system presumes that the consumer wants to be contacted for
    marketing offers BUT the system allows people to block the use of their
    information.

•   An “opt-in” system presumes that the consumer does not want to be contacted
    (even if the information is from a publicly available source) and it requires
    that every consumer be contacted to gain explicit permission.

•   “Implied consent” can apply to existing customers
Regulator's office & Complaints
• Establishment of a Regulator as an independent authority to administer
  the Bill, issue codes of conduct and register companies who intend to
  process personal information (to check the purpose and transparency
  compliance)

• Procedures set out to lodge a complaint with the Regulator

• Regulator's powers and procedures outlined

• Regulates the investigations process

• Offences and penalties
Codes of conduct
•   Provisions in the Bill for registration of business sector codes by Associations.

•   If the code is accepted by the Regulator, the sector becomes self-regulated,
    reports to the Regulator on its processing of complaints and, from time to
    time, has its code reviewed

•   Should a company not adhere to the recommendations of the Association, the
    remedies and penalties of the Bill will apply.

•   An industry with a Code will also vet its members for compliance to the Bill,
    and if accepted as a member, the process of prior investigation will not be done
    by the Regulator.
Conclusion
Requirements as Industry standards to reflect:
• High degree of transparency and responsibility in gathering and handling
   consumers' personal information, emphasis on security safeguards of databases
   and computer systems
• Set standards for opt-in and opt-out procedures and registers

•   Set standards for active, technical, management changes to current practices
    for information gathering and handling

•   Encourage companies to have privacy policy and communication with staff,
    training to handle procedures

•   Registration with the Information Regulator and negotiation to have the
    standards endorsed under the PPI or be a member of an accredited industry
    association.
Table of content of the Bill (12 chapters)

•   Chapter 1 : Definitions and purpose
•   Chapter 2 : Application provisions
•   Chapter 3 : Principles and processing of information
•   Chapter 4 : Exemptions
•   Chapter 5 : Information Protection Regulator
•   Chapter 6 : Notification and prior investigation
Table of content of the Bill (contd)

•   Chapter 7 : Codes of conduct
•   Chapter 8 : Unsolicited electronic communications
•   Chapter 9 : Trans-border information flows
•   Chapter 10 : Enforcement
•   Chapter 11 : Offences and penalties
•   Chapter 12 : General provisions
Thank you

Any questions?

Finology Group – Insurtech Innovation Award 2024
 

Ppt

  • 1. PROTECTION OF PERSONAL INFORMATION BILL (09) 2009 SEPTEMBER 2009
  • 2. Content • Overview: Timetable, aim • 9 principles • Exceptions and special provisions • Automatic electronic communications • Consent/purpose • The Regulator • Codes of conduct • Table of content of the Bill • Conclusion
  • 3. Timetable for introduction of PPI Bill (09) of 2009 was tabled in August to Parliament by Cabinet. • It will now go through the Parliamentary process: hearings before the National Assembly portfolio committee. • Could be signed by the President first half of 2010. • It will then take another year before the start of its implementation, including the drafting of regulations, the setting up of a National Information Regulator's office and other support structures. So there is time for all businesses to prepare their operations and minimize the impact of the legislation.
  • 4. The aim of PPI • To give effect to the constitutional right to privacy • To regulate the manner of collection, usage, processing, retention and deletion of personal information • A statutory regulatory agency to be established, information commissioner: to register, monitor, regulate, educate and prosecute the offences • To endorse codes of conduct to make industry sectors self-regulated • To fall in line with international standards for trans border data flow The law applies to all private and public bodies who handle personal information.
  • 5. 9 principles in PPI Bill Personal information must be: • Obtained fairly and lawfully and disclosing the purpose (purpose driven) and used only for the original specified purpose • Adequate, relevant and not excessive to purpose • Get consent as far as it is practical and offer an opt-out option (consent) • In some cases opt-in will be mandatory • Accurate and up to date and delete if requested (control) • Accessible to the subject • Kept securely and destroyed after its purpose is completed • The responsible party has an obligation to comply with all principles • Trans borders compliance There are exclusions and exemptions for each principle and certain circumstances.
  • 6. 1. Accountability • Designate a staff manager to be responsible for adherence to privacy principles throughout the company • Draft a company privacy principles code to be used by all departments • Train all staff affected • Subscribe to an industry code, advise and scrutinize • Register with Information Regulator
  • 7. 2. Disclosure When gathering data from individual consumers marketers shall advise them of: 1. What information is being collected 2. How the information will be used 3. Record their consent When acquiring a list from another organization, must ensure that consent was obtained for such usage
  • 8. 3. Controlling the use of information (purpose) • The purpose for which information is collected shall be identified before the time of collection • The collection shall be limited to what is necessary as identified by the company • All involved in the use, transfer, rental, sale or exchange of data must be aware of the exact nature of the list's intended usage
  • 9. 4. Safe storage of information of customers • All those involved in the use, transfer, rental, sale or exchange of mailing lists should agree to be responsible for the protection of data and take appropriate measures to ensure against unauthorized access, alteration or dissemination of list data
  • 10. 5. Respect for confidential and sensitive information • List owners and users must be protective of consumers' rights to privacy of sensitive information like religion, health and sex life, race, political persuasion and criminal behavior and positive consent will have to be obtained (some industry exceptions)
  • 11. 6. Give consumers control of usage of information • Make reasonable efforts to provide consumers with their own personal information on request • The marketer must remove the consumer's name from all internal lists or rental to third parties at the request of the consumer at any time of such request • The marketer must amend any personal information at the request of the consumer or when aware of changes to the data. There is a duty of accuracy in keeping the information (present requirement of PAIA of 2000)
  • 12. 7. Security safeguards • Ensure the integrity of personal information and guard against unlawful access • Information processed by person acting under authority of responsible party • Security measures in place • Notification of security compromises to regulator and data subjects
  • 13. 8. Information no longer required • Formal guidelines and implementation procedure guidelines must be developed to ensure safe destruction or disposal of personal information no longer required.
  • 14. Exceptions and special provisions Note: Public Domain is excluded • Separate provision has been made for the protection of special (sensitive) personal information like religion, health and sex life, race, political persuasion and criminal behavior. • Section (Sect 66) regulates the unsolicited electronic communications to “opt-in” conditions (except for present customers) • (Sect 67) regulates the compilation and use of directories and (Sect 68) automated decision making • Deals with the privacy and advertising to children.
  • 15. PPI: E-mail, SMS, Fax, automatic dialing machines offers • Section 66 mandates that consent is obtained before contacting new consumers by Email, SMS, automatic dialing machines: opt-in requirement (spam protection). • Does not apply to telemarketing • Positive consent does not apply for existing customers • ECT Act to be reviewed
  • 16. “Consent” “purpose” and usage • “Purpose” for collection and usage must be disclosed up front • “Consent” means any freely given, specific and informed expression of will where data subjects agree to the purpose of usage and processing of personal information • An “opt-out” system presumes that the consumer wants to be contacted for marketing offers BUT the system allows people to block the use of their information. • An “opt-in” system presumes that the consumer does not want to be contacted (even if the information is from a publicly available source) and it requires that every consumer be contacted to gain explicit permission. • “Implied consent” can apply to existing customers
  • 17. Regulator's office & Complaints • Establishment of a Regulator as an independent authority to administer the Bill, issuing codes of conduct, registering companies who intend to process personal information (to check the purpose and transparency compliance) • Procedures set out to lodge a complaint with the Regulator • Regulator's powers and procedures outlined • Regulates the investigations process • Offences and penalties
  • 18. Codes of conduct • Provisions in the Bill for registration by Associations of business sectors codes. • If the code is accepted by the Regulator, the sector becomes self-regulated and reports to the Regulator on its processing of complaints and, from time to time, has its code reviewed • Should a company not adhere to the recommendations of the Association, the remedies and penalties of the Bill will apply. • An industry with a Code will also vet its members for compliance to the Bill, and if accepted as a member, the process of prior investigation will not be done by the Regulator.
  • 19. Conclusion Requirements as Industry standards to reflect: • High degree of transparency and responsibility in gathering and handling consumers' personal information, emphasis on security safeguards of databases and computer systems • Set standards for opt-in and opt-out procedures and registers • Set standards for active, technical, management changes to current practices for information gathering and handling • Encourage companies to have privacy policy and communication with staff, training to handle procedures • Registration with the Information Regulator and negotiation to have the standards endorsed under the PPI or be member of an accredited industry association.
  • 20. Table of content of the Bill (12 chapters) • Chapter 1 : Definitions and purpose • Chapter 2 : Application provisions • Chapter 3 : Principles and processing of information • Chapter 4 : Exemptions • Chapter 5 : Information Protection Regulator • Chapter 6 : Notification and prior investigation
  • 21. Table of content of the Bill (contd) • Chapter 7 : Codes of conduct • Chapter 8 : Unsolicited electronic communications • Chapter 9 : Trans-border information flows • Chapter 10 : Enforcement • Chapter 11 : Offences and penalties • Chapter 12 : General provisions
  • 22. Thank you. Any questions?