SlideShare une entreprise Scribd logo

Ppt

G
Gareth Badrian

The document summarizes the Protection of Personal Information Bill (PPI Bill) of 2009 in South Africa. It provides an overview of the bill's timeline and introduction to parliament. The bill aims to protect personal information and establish a regulatory agency to enforce compliance. It outlines 9 key principles for handling personal information, including obtaining consent and only using data for its intended purpose. The bill also discusses provisions around electronic communications, the responsibilities of the regulatory body, and codes of conduct for industries. It concludes by outlining the requirements companies will need to meet under the new law.

TechnologieBusiness
1  sur  22
Télécharger pour lire hors ligne
PROTECTION OF PERSONAL INFORMATION BILL (09) 2009 SEPTEMBER 2009
Content • Overview: Timetable, aim • 9 principles • Exceptions and special provisions • Automatic electronic communications • Consent/purpose • The Regulator • Codes of conduct • Table of content of the Bill • Conclusion
Timetable for introduction of PPI Bill (09)of 2009 was tabled in August to Parliament by Cabinet. • It will now go through the Parliamentary process: hearings before the National Assembly portfolio committee. • Could be signed by the President first half of 2010. • It will then take another year before the start of its implementation, including the drafting of regulations, the setting up of a National Information Regulator‟s office and other support structures. So there is time for all businesses to prepare their operations and minimize the impact of the legislation.
The aim of PPI • To give effect to the constitutional right to privacy • To regulate the manner of collection, usage, processing, retention and deletion of personal information • A statutory regulatory agency to be established, information commissioner: to register, monitor, regulate, educate and prosecute the offences • To endorse codes of conduct to make industry sectors self-regulated • To fall in line with international standards for trans border data flow The law applies to all private and public bodies who handle personal information .
9 principles in PPI Bill Personal information must be: • Obtained fairly and lawfully and disclosing the purpose (purpose driven) and used only for the original specified purpose • Adequate, relevant and not excessive to purpose • Get consent as far as it is practical and offer an opt-out option (consent) • In some cases opt-in will be mandatory • Accurate and up to date and delete if requested (control) • Accessible to the subject • Kept securely and destroyed after its purpose is completed • The responsible party has an obligation to comply with all principles • Trans borders compliance They are exclusions and exemptions for each principle and certain circumstances.
1. Accountability • Designate a staff manager to be responsible for adherence to privacy principles throughout the company • Draft a company privacy principles code to be used by all departments • Train all staff affected • Subscribe to an industry code, advise and scrutinize • Register with Information Regulator
2. Disclosure When gathering data from individual consumers marketers shall advise them of: 1. What information is being collected 2. How the information will be used 3. Record their consent When acquiring a list from another organization, must insure that consent was obtained for such usage
3. Controlling the use of information (purpose) • The purpose for which information is collected shall be identified before the time of collection • The collection shall be limited to what is necessary as identified by the company • All involved in the use, transfer, rental, sale or exchange of data must be aware of the exact nature of the list‟s intended usage
4. Safe storage of information of customers • All those involved in the use, transfer, rental, sale or exchange of mailings lists should agree to be responsible for the protection of data and take appropriate measures to ensure against unauthorized access, alteration or dissemination of list data
5. Respect for confidential and sensitive information • Lists owners and users must be protective of consumer‟s rights to privacy of sensitive information like religion, health and sex life, race, political persuasion and criminal behavior and positive consent will have to be obtained ( some industry exceptions)
6. Give consumers control of usage of information • Make reasonable efforts to provide personal own information to consumers on request • The marketer must remove the consumer‟s name from all internal lists or rental to third parties at the request of the consumer at anytime of such request • The marketer must amend any personal information at the request of the consumer or when aware of changes to the data. There is a duty of accuracy in keeping the information (present requirement of PAIA of 2000)
7. Security safeguards • Ensure the integrity of personal information and unlawful access • Information processed by person acting under authority of responsible party • Security measures in place • Notification of security compromises to regulator and data subjects
8. Information no longer required • Formal guidelines and implementation procedure guidelines must be develop to ensure safe destruction or disposal of personal information no longer required.
Exceptions and special provisions Note: Public Domain is excluded • Separate provision has been made for the protection of special (sensitive) personal information like religion, health and sex life, race, political persuasion and criminal behavior. • Section ( sect 66) regulates the unsolicited electronic communications to „opt- in” conditions (except for present customers) • (Sect 67) regulates the compilation and use of directories and ( Sect 68) automated decisions making • Deals with the privacy and advertising to children.
PPI: E-mail, SMS, Fax, automatic dialing machines offers • Section 66 mandates that consent is obtained before contacting new consumers by Email, SMS, automatic dialing machines- opt-in requirement- (spam protection). • Does not apply to telemarketing • Positive consent does not apply for existing customers • ECT Act to be reviewed
“Consent” “purpose” and usage • “Purpose” for collection and usage must be disclosed up front • “Consent” means any freely given, specific and informed expression of will where data subjects agree to the purpose of usage and processing of personal information • An “opt-out” system presumes that the consumer wants to be contacted for marketing offers BUT the system allows people to block the use of their information. • An “opt-in” system presumes that the consumer does not want to be contacted ( even if the information is from publicly available source) and it requires that every consumer be contacted to gain explicit permission. • “Implied consent” can apply to existing customers
Regulator’office & Complaints • Establishment of a Regulator as an independent authority to administer the Bill, issuing codes of conduct, registering companies who intend to process personal information ( to check the purpose and transparency compliance) • Procedures set out to lodge a complaint with the Regulator • Regulator‟s powers and procedures outlined • Regulates the investigations process • Offences and penalties
Codes of conduct • Provisions in the Bill for registration by Associations of business sectors codes. • If the code accepted by the Regulator, the sector becomes self regulated and report to the regulator on its processing of complaints and , from time to time has its code reviewed • Should a company not adhere to the recommendations of the Association, the remedies and penalties of the Bill will apply. • An industry with a Code will also vet its members for compliance to the Bill, and if accepted as a member, the process of prior investigation will not be done by the Regulator.
Conclusion Requirements as Industry standards to reflect: • High degree of transparency and responsibility in gathering and handling consumers‟ personal information, emphasis on security safeguards of databases and computer systems • Set standards for opt-in and opt-out procedures and registers • Set standards for active, technical, management changes to current practices for information gathering and handling • Encourage companies to have privacy policy and communication with staff, training to handle procedures • Registration with the Information Regulator and negotiation to have the standards endorsed under the PPI or be member of an accredited industry association.
Table of content of the Bill ( 12 chapters) • Chapter 1 : Definitions and purpose • Chapter 2 : Application provisions • Chapter 3 : Principles and processing of information • Chapter 4 : Exemptions • Chapter 5 : Information Protection Regulator • Chapter 6 : Notification and prior investigation
Table of content of the Bill ( contd) • Chapter 7 : Codes of conduct • Chapter 8 : Unsolicited electronic communications • Chapter 9 : Trans-border information flows • Chapter 10 : Enforcement • Chapter 11 : Offences and penalties • Chapter 12 : General provisions
Thank you Thank you any questions???

Recommandé

An introduction to data protection - Manchester - 24/06/15
An introduction to data protection - Manchester - 24/06/15An introduction to data protection - Manchester - 24/06/15
An introduction to data protection - Manchester - 24/06/15
Rachel Aldighieri
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson LLP
 
Introduction to data protection - Edinburgh - 29/04/15
Introduction to data protection - Edinburgh - 29/04/15Introduction to data protection - Edinburgh - 29/04/15
Introduction to data protection - Edinburgh - 29/04/15
Rachel Aldighieri
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPR
BartLieben
 
An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014
Rachel Aldighieri
 
mHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksmHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon Marks
Levi Shapiro
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
Trish McGinity, CCSK
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
Rachel Aldighieri
 

Recommandé

An introduction to data protection - Manchester - 24/06/15
An introduction to data protection - Manchester - 24/06/15An introduction to data protection - Manchester - 24/06/15
An introduction to data protection - Manchester - 24/06/15
Rachel Aldighieri
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson LLP
 
Introduction to data protection - Edinburgh - 29/04/15
Introduction to data protection - Edinburgh - 29/04/15Introduction to data protection - Edinburgh - 29/04/15
Introduction to data protection - Edinburgh - 29/04/15
Rachel Aldighieri
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPR
BartLieben
 
An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014
Rachel Aldighieri
 
mHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksmHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon Marks
Levi Shapiro
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
Trish McGinity, CCSK
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
Rachel Aldighieri
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
Craig Clark ITIL, CIS LI,EU GDPR P
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE
CFG
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015
Rachel Aldighieri
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
GrittyCC
 
Data protection
Data protectionData protection
Data protection
Lewis Silkin
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPR
Pavol Balaj
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
Gydeline Ltd
 
DPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, BirminghamDPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, Birmingham
Browne Jacobson LLP
 
GDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, NottinghamGDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, Nottingham
Browne Jacobson LLP
 
DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, London
Browne Jacobson LLP
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seo
KeithBudden3
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, Manchester
Browne Jacobson LLP
 
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTSA BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
Internet Law Center
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
m-hance
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
Niall Rooney
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Michael Adamberry
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
Kwanzoo Inc
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...
3GDR
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
ZoneFox
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
John Greenwood
 
Ohhh
OhhhOhhh
Ohhh
DreaMason
 
Pengenalan excel 1
Pengenalan excel 1Pengenalan excel 1
Pengenalan excel 1
y03do
 

Contenu connexe

Tendances

3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE
CFG
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
GrittyCC
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPR
Pavol Balaj
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
John Greenwood
 

Tendances (20)

GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE3A – DATA PROTECTION: ADVICE
3A – DATA PROTECTION: ADVICE
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Data protection
Data protectionData protection
Data protection
 
Quick Guide to GDPR
Quick Guide to GDPRQuick Guide to GDPR
Quick Guide to GDPR
 
Simple GDPR Overview
Simple GDPR OverviewSimple GDPR Overview
Simple GDPR Overview
 
DPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, BirminghamDPOs in the public sector, May 2018, Birmingham
DPOs in the public sector, May 2018, Birmingham
 
GDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, NottinghamGDPR for public sector DPO's, April 2018, Nottingham
GDPR for public sector DPO's, April 2018, Nottingham
 
DPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, LondonDPOs in the public sector, May 2018, London
DPOs in the public sector, May 2018, London
 
Gdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seoGdpr brexit presentation for brighton seo
Gdpr brexit presentation for brighton seo
 
GDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, ManchesterGDPR for public sector DPO's seminar, April 2018, Manchester
GDPR for public sector DPO's seminar, April 2018, Manchester
 
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTSA BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
A BRIEF HISTORY OF US PRIVACY REGULATION ATTEMPTS
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...Things you need to know about info governance to sell healthtech products int...
Things you need to know about info governance to sell healthtech products int...
 
GDPR in practice
GDPR in practiceGDPR in practice
GDPR in practice
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
 

En vedette

Pengenalan excel 1
Pengenalan excel 1Pengenalan excel 1
Pengenalan excel 1
y03do
 
Tutorial coreldraw 1
Tutorial coreldraw 1Tutorial coreldraw 1
Tutorial coreldraw 1
y03do
 
2009 Summer Mission Trip
2009 Summer Mission Trip2009 Summer Mission Trip
2009 Summer Mission Trip
Susan Waldrop
 
Domestic Violence Presentation
Domestic Violence PresentationDomestic Violence Presentation
Domestic Violence Presentation
queenedie
 

En vedette (7)

Ohhh
OhhhOhhh
Ohhh
 
Pengenalan excel 1
Pengenalan excel 1Pengenalan excel 1
Pengenalan excel 1
 
Tutorial coreldraw 1
Tutorial coreldraw 1Tutorial coreldraw 1
Tutorial coreldraw 1
 
2009 Summer Mission Trip
2009 Summer Mission Trip2009 Summer Mission Trip
2009 Summer Mission Trip
 
Domestic Violence Presentation
Domestic Violence PresentationDomestic Violence Presentation
Domestic Violence Presentation
 
Thank You
Thank YouThank You
Thank You
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI Explainer
 

Similaire à Ppt

Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
kclcompbio
 
Data Protection Act presentation
Data Protection Act presentationData Protection Act presentation
Data Protection Act presentation
Ian Clive Oultram
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
WSO2
 

Similaire à Ppt (20)

Public sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, ExeterPublic sector breakfast club - October 2017, Exeter
Public sector breakfast club - October 2017, Exeter
 
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017GDPR clinic - CloudWATCH at Cloud Security Expo 2017
GDPR clinic - CloudWATCH at Cloud Security Expo 2017
 
Privacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User DataPrivacy Policies: Guide to Protecting User Data
Privacy Policies: Guide to Protecting User Data
 
Public sector breakfast club, October 2016, Exeter
Public sector breakfast club, October 2016, ExeterPublic sector breakfast club, October 2016, Exeter
Public sector breakfast club, October 2016, Exeter
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
IT6701 Information Management Unit - V
IT6701 Information Management Unit - VIT6701 Information Management Unit - V
IT6701 Information Management Unit - V
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protection
 
Chapter 1 Law & Ethics
Chapter 1 Law & EthicsChapter 1 Law & Ethics
Chapter 1 Law & Ethics
 
Privacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffinPrivacy law-update-whitmeyer-tuffin
Privacy law-update-whitmeyer-tuffin
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011Wayne richard - pia risk management - atlseccon2011
Wayne richard - pia risk management - atlseccon2011
 
Members evening - data protection
Members evening - data protectionMembers evening - data protection
Members evening - data protection
 
Data Protection Act presentation
Data Protection Act presentationData Protection Act presentation
Data Protection Act presentation
 
Overview on data privacy
Overview on data privacy Overview on data privacy
Overview on data privacy
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?What is the General Data Protection Regulation (GDPR)?
What is the General Data Protection Regulation (GDPR)?
 

Dernier

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Ppt

  • 1. PROTECTION OF PERSONAL INFORMATION BILL (09) 2009 SEPTEMBER 2009
  • 2. Content • Overview: Timetable, aim • 9 principles • Exceptions and special provisions • Automatic electronic communications • Consent/purpose • The Regulator • Codes of conduct • Table of content of the Bill • Conclusion
  • 3. Timetable for introduction of PPI Bill (09)of 2009 was tabled in August to Parliament by Cabinet. • It will now go through the Parliamentary process: hearings before the National Assembly portfolio committee. • Could be signed by the President first half of 2010. • It will then take another year before the start of its implementation, including the drafting of regulations, the setting up of a National Information Regulator‟s office and other support structures. So there is time for all businesses to prepare their operations and minimize the impact of the legislation.
  • 4. The aim of PPI • To give effect to the constitutional right to privacy • To regulate the manner of collection, usage, processing, retention and deletion of personal information • A statutory regulatory agency to be established, information commissioner: to register, monitor, regulate, educate and prosecute the offences • To endorse codes of conduct to make industry sectors self-regulated • To fall in line with international standards for trans border data flow The law applies to all private and public bodies who handle personal information .
  • 5. 9 principles in PPI Bill Personal information must be: • Obtained fairly and lawfully and disclosing the purpose (purpose driven) and used only for the original specified purpose • Adequate, relevant and not excessive to purpose • Get consent as far as it is practical and offer an opt-out option (consent) • In some cases opt-in will be mandatory • Accurate and up to date and delete if requested (control) • Accessible to the subject • Kept securely and destroyed after its purpose is completed • The responsible party has an obligation to comply with all principles • Trans borders compliance They are exclusions and exemptions for each principle and certain circumstances.
  • 6. 1. Accountability • Designate a staff manager to be responsible for adherence to privacy principles throughout the company • Draft a company privacy principles code to be used by all departments • Train all staff affected • Subscribe to an industry code, advise and scrutinize • Register with Information Regulator
  • 7. 2. Disclosure When gathering data from individual consumers marketers shall advise them of: 1. What information is being collected 2. How the information will be used 3. Record their consent When acquiring a list from another organization, must insure that consent was obtained for such usage
  • 8. 3. Controlling the use of information (purpose) • The purpose for which information is collected shall be identified before the time of collection • The collection shall be limited to what is necessary as identified by the company • All involved in the use, transfer, rental, sale or exchange of data must be aware of the exact nature of the list‟s intended usage
  • 9. 4. Safe storage of information of customers • All those involved in the use, transfer, rental, sale or exchange of mailings lists should agree to be responsible for the protection of data and take appropriate measures to ensure against unauthorized access, alteration or dissemination of list data
  • 10. 5. Respect for confidential and sensitive information • Lists owners and users must be protective of consumer‟s rights to privacy of sensitive information like religion, health and sex life, race, political persuasion and criminal behavior and positive consent will have to be obtained ( some industry exceptions)
  • 11. 6. Give consumers control of usage of information • Make reasonable efforts to provide personal own information to consumers on request • The marketer must remove the consumer‟s name from all internal lists or rental to third parties at the request of the consumer at anytime of such request • The marketer must amend any personal information at the request of the consumer or when aware of changes to the data. There is a duty of accuracy in keeping the information (present requirement of PAIA of 2000)
  • 12. 7. Security safeguards • Ensure the integrity of personal information and unlawful access • Information processed by person acting under authority of responsible party • Security measures in place • Notification of security compromises to regulator and data subjects
  • 13. 8. Information no longer required • Formal guidelines and implementation procedure guidelines must be develop to ensure safe destruction or disposal of personal information no longer required.
  • 14. Exceptions and special provisions Note: Public Domain is excluded • Separate provision has been made for the protection of special (sensitive) personal information like religion, health and sex life, race, political persuasion and criminal behavior. • Section ( sect 66) regulates the unsolicited electronic communications to „opt- in” conditions (except for present customers) • (Sect 67) regulates the compilation and use of directories and ( Sect 68) automated decisions making • Deals with the privacy and advertising to children.
  • 15. PPI: E-mail, SMS, Fax, automatic dialing machines offers • Section 66 mandates that consent is obtained before contacting new consumers by Email, SMS, automatic dialing machines- opt-in requirement- (spam protection). • Does not apply to telemarketing • Positive consent does not apply for existing customers • ECT Act to be reviewed
  • 16. “Consent” “purpose” and usage • “Purpose” for collection and usage must be disclosed up front • “Consent” means any freely given, specific and informed expression of will where data subjects agree to the purpose of usage and processing of personal information • An “opt-out” system presumes that the consumer wants to be contacted for marketing offers BUT the system allows people to block the use of their information. • An “opt-in” system presumes that the consumer does not want to be contacted ( even if the information is from publicly available source) and it requires that every consumer be contacted to gain explicit permission. • “Implied consent” can apply to existing customers
  • 17. Regulator’office & Complaints • Establishment of a Regulator as an independent authority to administer the Bill, issuing codes of conduct, registering companies who intend to process personal information ( to check the purpose and transparency compliance) • Procedures set out to lodge a complaint with the Regulator • Regulator‟s powers and procedures outlined • Regulates the investigations process • Offences and penalties
  • 18. Codes of conduct • Provisions in the Bill for registration by Associations of business sectors codes. • If the code accepted by the Regulator, the sector becomes self regulated and report to the regulator on its processing of complaints and , from time to time has its code reviewed • Should a company not adhere to the recommendations of the Association, the remedies and penalties of the Bill will apply. • An industry with a Code will also vet its members for compliance to the Bill, and if accepted as a member, the process of prior investigation will not be done by the Regulator.
  • 19. Conclusion Requirements as Industry standards to reflect: • High degree of transparency and responsibility in gathering and handling consumers‟ personal information, emphasis on security safeguards of databases and computer systems • Set standards for opt-in and opt-out procedures and registers • Set standards for active, technical, management changes to current practices for information gathering and handling • Encourage companies to have privacy policy and communication with staff, training to handle procedures • Registration with the Information Regulator and negotiation to have the standards endorsed under the PPI or be member of an accredited industry association.
  • 20. Table of content of the Bill ( 12 chapters) • Chapter 1 : Definitions and purpose • Chapter 2 : Application provisions • Chapter 3 : Principles and processing of information • Chapter 4 : Exemptions • Chapter 5 : Information Protection Regulator • Chapter 6 : Notification and prior investigation
  • 21. Table of content of the Bill ( contd) • Chapter 7 : Codes of conduct • Chapter 8 : Unsolicited electronic communications • Chapter 9 : Trans-border information flows • Chapter 10 : Enforcement • Chapter 11 : Offences and penalties • Chapter 12 : General provisions
  • 22. Thank you Thank you any questions???