1. Data Protection Act
Mohammad Iqbal Dilmahomed Bocus ID: 1102196
Gulshan Gunputh ID: 1102191
Legallant Dony ID: 1102193
BSc (Hons) IT Upgrade PT
2. Data Protection Act
Privacy of data in the age
of TECHNOLOGY
Information privacy, or data privacy, is the relationship between collection
and dissemination of data, technology, the public expectation of privacy,
and the legal and political issues surrounding them.
Reference from Wikipedia
3. What is Personal Data?
This can be defined as information that can identify a
living person and allow an opinion to be expressed
about that person.
Examples of sensitive personal data:
Political and religious belief
Racial and ethnic origin
Membership of trade unions
Details of sexual life
Physical and mental health
4. Data Protection Act
Is a Law designed to protect
personal data
It applies to all data storage
media
5. Definition of Data Protection Act as a Law
Create RIGHTS:
for those who have their data stored
Make RESPONSIBLE:
for those who store and process the
data
6. Why do we need the Data Protection Act?
In this era of technology, the importance of having
our personal data at hand is fundamental.
At any time or anywhere, we need our personal data
to do transactions.
These sensitive data are stored on servers where
anybody can have access to them.
In order to protect ourselves and our data, the DPA
was passed to protect our privacy.
7. Purpose of the Data Protection Act
To control the way information
is handled and to give legal rights
to people who have information
stored about them.
8. Data Protection Principles
1. Personal data shall be processed fairly and
lawfully
• identity of the data controller must be known
• purpose for which the information is to be
processed should be clear
• Other information relevant in the circumstances
whereby the information pertaining to an individual
might be disclosed
9. Principles of Data Protection Act
2. Personal information shall be obtained only for one or
more specified purposes.
This means that the processing must not be
incompatible with the purpose it was originally intended for.
10. Principles of Data Protection Act (cont)
3. Personal data shall be adequate, relevant and not excessive
The data controller should capture only the minimum amount
of personal information that is needed to fulfill the purpose of
the processing properly.
11. Principles of Data Protection Act (cont)
4. Personal Data shall be accurate and kept up-to-date
This principle of the Data Protection Act states that data which are out
of date are most likely to be regarded as excessive and irrelevant for
their purpose.
There are certain exceptions for this particular principle which include
the following:
The data controller has taken reasonable steps to ensure privacy
The information, while inaccurate, constitutes an accurate record
obtained from the person concerned
12. Principles of Data Protection Act (cont)
5. Personal information shall not be retained for longer than is
required for processing
In order for this principle to be successfully implemented, there is a
need for continuous appraisal of the information, as well as the
purpose of its collection. In some special circumstances, the data can
be retained after its processing based on the requirement of the
business needs.
13. Principles of Data Protection Act (cont)
6. Processing should be carried out in accordance with the rights of
the data subjects
Here is a list of the rights of the data subjects:
Right to access personal information
Right to object to automated decision making
Right to object to direct marketing
Right to object to certain processing likely to cause damage
14. Principles of Data Protection Act (cont)
7. Personal data shall be kept secure
The data controller takes the necessary precautions to safeguard data
against unauthorized access, processing, disclosure, damage or loss. The
Data Protection Act takes into consideration two important factors:
1. Cost of the security measure with regard to the nature of the information
and the perceived harm that a security breach could cause
2. The state of technological development at the time
15. Principles of Data Protection Act (cont)
8. Transfer of data to another country
The Data Protection Act prevents private information from being
transferred to another country unless that country ensures an
adequate level of protection for the rights and freedoms of data
subjects in relation to the processing of personal data.
16. Definition of key words
Data Subject
Data subjects are the people who have data held about
them. Nowadays this includes you, me, everyone.
Data Controller
A Data controller is the person, business or organization controlling the
collection, contents and use of personal data.
17. Definition of key words (cont)
Data User
This is an authorized user within the organization or business
who is given an ID and password that enables them to access
data.
Data processor
The data processor is a person, other than an employee of the
data controller, who has a written contract with the data
controller and who processes personal data on behalf of the data
controller.
18. Definition of key words (cont)
Commissioner
Mrs. Madhub is presently the commissioner in Mauritius. Her job is to:
register all data controllers in Mauritius
exercise control over all data processing activities in Mauritius
investigate complaints
undertake research in data processing and computer technology,
amongst others.
More information at http://dataprotection.gov.mu/
19. Data Protection Office [PMO]
The Data Protection Office runs under the aegis of the
Prime Minister's Office
The Data Protection Office is to safeguard the privacy
rights of all individuals with regard to the processing of
their personal data, in Mauritius.
During 2009 and 2010, the office concentrated on the
registration of about 10,000-15,000 data controllers in
Mauritius.
20. Statistics
With the growing awareness of the
existence of data protection laws, the
Investigation Unit has received 11
complaints as at end of December
2011. The Investigators have successfully
investigated 4 suspected cases of data
breach.
22. cont
On 26th June 2010, Dr Richard L Munisamy made a statement to the
police at Point aux Canonniers station accusing Mr Sahrat Dutt Lallh, CEO
of Mauritius Telecom, of contravening Section 29 of the Data Protection
Act.
According to a Mauritius Telecom employee, the private database of
Orange customers’ phone numbers had been released to the Alliance de
l’Avenir, who had requested that Mauritius Telecom send a message to
subscribers soliciting their support in the general elections of May 2010.
Apparently, Mauritius Telecom made no charge for this service. It is
understood that the case, OB732/10, has recently been transferred to
regional headquarters at Piton where the decision to prosecute will be
taken.
23. Data Protection Act in Mauritius
Data Protection Act 2004 came
into operation in February 2009.
Enforcement is through the
Data Protection Office.
24. Our Rights
The DPA gives everyone the right to see data that is held about them on a
computer system and to have it changed if it is wrong!
25. Offences and Penalties
Any person who contravenes the DPA shall commit
an offence.
Where no specific penalty is provided for an offence,
the person shall, on conviction, be liable to a fine not
exceeding 200,000 rupees and to imprisonment for a
term not exceeding 5 years.
26. Exceptions to the Law
There is some data you can't see.
If the data is held by the police, the security forces or the
Inland Revenue, then access is denied.