close

Вход

Забыли?

вход по аккаунту

?

The Protection of Personal Information Bill

код для вставкиСкачать
The Protection
of Personal
Information Bill
13 February 2013
1
INTRODUCTION
•The POPI Bill, developed out of the Open Democracy Bill
in 1996
• Consumer protection legislation
•Growth of the information age
•Growth of credit, banking, insurance, pharmaceutical,
direct marketing and health care industries
•Growth of electronic and technological databases
•Personal information has become saleable to highest
bidder in order to increase sales
• Data protection legislation; personal info must be
processed with privacy of data subject in mind
2
BACKGROUND
•If collection of personal information is allowed, then it
has to be regulated to allow for fairness, and
effectiveness of such collection and integrity of
information
•Open Democracy Bill
•Removal of data protection provisions from the Bill by
Cabinet
•Different from PAIA(2 of 2000): Free flow of information
•POPI regulates the flow of personal information
•Eight years of research (SALRC)
•First introduced into Parliament in 2009,adopted 9th
version on September 2012
3
OBJECTS OF THE BILL
•To promote the protection of personal information processed by public
and private bodies;
• to introduce certain conditions so as to establish minimum requirements
for the processing of personal information;
•to provide for the establishment of an Information Regulator to exercise
certain powers and to perform certain duties and functions in terms of this
Bill and the Promotion of Access to Information Act, 2000 ;
• to provide for the issuing of codes of conduct; to provide for the rights of
persons regarding unsolicited electronic communications and automated
decision making;
•to regulate the flow of personal information across the borders of the
Republic; and
•to provide for matters connected therewith.
4
DEFINITIONAL ISSUES
•Personal information’ includes information relating to:
п‚·A wide range of personal characteristics - race, gender, sex,
marital status, national, ethnic or social origin; colour, sexual
orientation, age, physical or mental health, well-being, disability,
religion, conscience, belief, culture, language, and birth, etc.
п‚·Educational and medical, financial, criminal, or employment
history.
п‚·Any identifying number/symbol and contact details (email address,
physical address, telephone number etc), location identifier, online
identifier, or biometric data.
п‚·Opinion information, including views/opinions of another person
abut that person;
п‚·Private/confidential personal correspondence.
п‚·The name of the person (if with other personal information).
5
DEFINITIONAL ISSUES
�Processing’ covers all aspects of the information cycle
– including collection, dissemination, and destruction.
�Record’ is any recorded information, regardless of
medium, in the possession of the responsible party
including –
6
KEY ISSUES
Consent,
justification and
objection
11(3)(a)
Retention and
Restriction of
Records
Chapter 3(14)(1)
There is no definition of what constitutes
�reasonable grounds’
The objection by a data subject should be
enough and should not be qualified by
�reasonable grounds’
The Committee should consider placing a
time limit on the retention of records. How
This ultimately protects data subjects
7
KEY ISSUES
Notification of
security
compromises
S 21(4)(c),(d)
Correction of
Personal
Information
S 24(2)(a-c)
Clause (c)-(d) provides for the publication
of the notification when the Regulator. The
Committee should consider whether the
publication process not affect the right to
privacy of a data subject?
The Committee should consider whether it
is appropriate to place time limits on the
correction of information applicable to
both the Regulator and data subject
8
KEY ISSUES
Authorisation
concerning data
subject’s health or
sexual life
S 32 (1)
The Bill proposes exemptions for certain
categories of people such as medical
professionals, insurance companies and probation
institutions or child protection. The Minister and
Minister of Correctional Services, pension fund
administrators are also excluded. The question that
should be considered is whether the exemption
should be granted to those companies that in the
longer term will benefit or profit from information
held by them on data subjects. There are ethics
involved in processing the information and should
be clarified
9
OTHER ISSUES
Authorisation concerning
data subjects’ criminal
behaviour
S 33 (1)
Exemption from
information protection
principles
Chapter 4
S 36 +37
The processing of information by law enforcement
agencies, are exempted. However, clause 33(2) can be
considered too wide ranging because it allows preemptive data processing if the responsible party for their
own lawful purpose, to �protect their legitimate interest’.
The Committee may want to consider placing a
qualification on this clause so that such exemption is
within the constitutional boundaries
The Regulator may, in the public interest or the data
subject’s interest, grant an exemption to authorise the
responsible party to process information even if it
breaches the principles of information protection. The
Committee should consider this clause and weigh it up
with the right to privacy
10
OFFENCES AND PENALTIES
The Bill provides for offences and Penalties
•Obstruction of Regulator.
•Breach of confidentiality.
•Obstruction of execution of warrant.
•Failure to comply with information/enforcement notices is a criminal
offence.
•Failure of witnesses to attend and give evidence or to produce a
book/document or object.
•Failure to comply with conditions for lawful processing in so far as
they relate to the processing of a data subject’s account number.
•Knowingly or recklessly obtaining or disclosing a data subject’s
account number or procuring a data subject’s account number to
another party without consent.
11
CONCLUSION
•The Bill provides protection for data subjects in the
processing of their information
•The Committee should ideally consider the positive
features of the Bill
•Propose that the Committee considers support for the Bill
after satisfying itself that the all areas that require clarity
has been addressed
12
Документ
Категория
Презентации
Просмотров
6
Размер файла
498 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа