Presentation on theme: "Commissioner for Personal Data Protection"— Presentation transcript:
1Commissioner for Personal Data Protection REPUBLIC OF ALBANIACommissioner for Personal Data ProtectionKiev, May 2012
2Legal ApproachCommissioner’s ActsApprovedAmendments to the Law Nr. 9887, dated "On personal data protection", which are prepared in collaboration with the experts of the project IPA-2009;Instruction no. 10, dated “On processing of personal data in the framework of the hotel services”;Instruction no. 11, dated “On processing of data of employees in the private sector";Instruction No. 12, dated “On the Control of Identity at the entrance of buildings";Instruction no. 13, dated ““On some additions and changes in Instruction no. 3, dated "On CCTV surveillance system in buildings and other premises””;Instruction no. 14, dated “On processing, protection and security of personal data in electronic communications sector of the public";Instruction no. 15, dated “On processing and publication of personal data in the judicial system";Instruction no. 16, dated “On protection of personal data in direct marketing and security measures“;Instruction no. 17 "On determining the time of retention of personal data processed in electronic systems, by the state police for the purposes of prevention, investigation, detection and prosecution of criminal acts “.Under processDraft Instruction “On determining the rules for safeguarding the security of personal data processed by small entities”;Draft Instruction "On the processing of personal data in the banking sector“;Draft Instruction "On the regulation of relations between controllers and processors in case of delegation of data processing and use of a contract in cases of this type of delegation“;Draft Instruction “ On security measures for large enterprises that process personal data";Draft Decision on amendments to the Decision no. 1 entitled " On determining the detailed rules for safeguarding the personal data “;Draft Instruction “For processing of personal data within the clinical trials of drugs“.
3Legal Opinions/ Amendments/Other Other important acts (aproved)Manual on Evaluation of Requests for Approvals of Data Transfers to Foreign States;Manual of Notification Procedures:Manual of Inspection Procedures;Glossary of Terms for the Protection of Personal Data;Institutional Strategy of the Commissioner for Personal Data Protection for the period and Action Plan;Strategy for the trainings in the Commissioner for Personal Data Protection.Establishment and enhancement of the online library of our institution which is important for the activity of the institution, also the official website and intranet.Proposals for amendmentsCivil Code of the Republic of Albania (for the human dignity);Penal Code of the Republic of Albania;Law No. 9662, dated "On Banks in the Republic of Albania“;Law No. 9749, dated "On State Police“;Law N dated "On the Establishment of the Center of Data Processing“-in Police Sector ”General Directorate of State Police”.Law No. 9917, dated "On Prevention of Money Laundering and Financing of Terrorism“;Regulation No. 67, dated "On the information content and functioning of Credit Registry at the Bank of Albania”;Law No. 8951, dated "On the Identification Number of Citizens“;
4Legal Approach Legal Opinions/Other Opinions Draft Law “"On some amendments and additions to Law no. 8669, dated "On the census of population and housing"”;Draft Decision "On approval in principle of the Optional Protocol to the Convention on the Rights of the Child "On the procedure of communication";Draft Law "On Foreigners“;Draft Law “On weapons”;Draft Agreement between the Council of Ministers of the Republic of Albania and the Government of Georgia on cooperation in the fight against crime“.
5Legal Approach Institutional Cooperation Coo-drafting of Acts The continued cooperation with the General Directorate of Civil Status, in the context of drafting of the Summary Act, pursuant to Article 3 of Law no. 10129, dated "On Civil Status";Drafting and approval by Order no. 496, dated of the General Director of Prisons, of the regulation "On the Protection of Personal Data and their safety in the General Directorate of Prisons and in the Criminal I.E.V ";The continued cooperation with the State Police, in the context of drafting of the Instruction no. 17 "On determining the time of retention of personal data processed in electronic systems, by the state police for the purposes of prevention, investigation, detection and prosecution of criminal acts “, already approved by the Commissioner.AgreementsThe signing of the Cooperation Agreement between the Commissioner for Personal Data Protection and Commissioner of Montenegro; The signing of the Memorandum of Cooperation between the Commissioner for Personal Data Protection and the Commissioner and the State Agency for Data Protection in the Republic of Kosovo;The signing of the Cooperation Agreement between the Commissioner for Personal Data Protection and Steering Committee for the Protection of Personal Data of the Republic of Macedonia;The signing of the Cooperation Agreement between the Commissioner for Personal Data Protection and Authority of Electronic and Postal Communications;The signing of the Cooperation Agreement between the Commissioner for Personal Data Protection and the Ministry of Education and Science;The signing of the Cooperation Agreement between the Commissioner for Personal Data Protection and the General Prosecutor’s Office”;Draft Agreement between the Commissioner for Personal Data Protection and the Commissioner for Protection from Discrimination;Draft Agreement between the Commissioner for Personal Data Protection and the Bank of Albania.
6Awareness Raising Activities Publications and Distribution of Leaflets Seminars and workshopsDistribution of Leaflets28 January, the European Day of Data Protection (25-28 January)Trainingsyoung children and pupils;Students;Parents;Journalists;Psychologist.Topics“Violation of privacy that could result from careless exposure to the Internet”;“Principles of Personal Data Protection";"Office of the Supervisory Authority for Personal Data Protection and practical cases in the field of protection of personal data“;"Privacy in Internet time" and "Safety Information“;"Online Banking“;"Be aware of side effects when using social networking“;“Aspects of Information Security. What can be learned from selected European examples”;"Security is not a product but a process“.
7Awareness Raising Activities in cooperation with IPA-2009-EU Seminars WorkshopsHealthcare Sector;Judicial Authorities/ System;Police Sector;Statistics;Notaries;Banking;Telecommunication;
8Executive Measures Taken Complaint Handling and InspectionsOver 50 Complaints handling;Accuracy and information on the data processed through the TIMS system - state police;Regarding the publication of personal data in the official website of the National Registration Center;Regarding the publication of personal data to a information website, without the consent of the data subject;Regarding the deregistration of a business (physical person) by the National Registration Center;Regarding the information provided by police authorities to a court of justice;Regarding a promotional phone call by a controller that implements such services to a mobile phone number.43 Administrative Audit and Inspections-Recommendations, for this topics:Drafting of internal regulations on the security of personal data processed and confidentiality;Non compliance with the duty to notify;Non compliance with the duty to inform the data subjects;Processing of data without the consent of the data subject;Excessive data processing and not in proportionality to the purpose;Failure to have into place and to apply criteria for data security;Excessive Disclosure of some specific data on the purpose to inform the public and data subject, and not making the data anonymous;International transfer and disclosure of the personal data in violation to the Law on data protection and to the administrative acts of the Commissioner.35 Fines to Data Controllers.
9Executive Measures Taken Complaint Handling and InspectionsThe Recommendations aimed at:Drafting of internal regulations on data protection and security of data;Placing public notices in relation to monitoring-recording cameras (CCTV);Technical security of data;Fulfillment of the obligation to notify to the Commissioner’s Office;Obtaining consent and fair legal treatment of data subject;The time retention of personal data.Blocking and deletion of data.Fines for not notifying to the Office.
10Executive Measures Taken Notification and RegistrationStrategyRaise awareness among data controllers;The identification and direct communication with controllers of the private and public sector;Continuous assistance offered to the data controllers which notify with us;Prior Checking and Update of the Central Register.Statistical Table
11Executive Measures Notifications Public Data Controllers 712 The process of notification-Statistical TableBanking sector;Healthcare;Insurances;Telecommunications;Education;Public sector.NotificationsPublic Data Controllers712Private Data Controllers1803Total2515Registered2205
12European and International Activities Spring Conference of European DPA-s, Brussels;International Conference of DPA-s, Mexico;Second Conference-DP, Information and Communication Technologies, Moscow;Plenary of the Consultative Committee of 108 Convention, Strasbourg;Regional Conference, Strategic Approach in DP, Macedonia;Visit to Kosova and Monte Negro DPA-s.Trainings of the Staff under IPA-2009 ProjectVarious Topics2 Study Visit at the Spanish and Madrid DPA-s
13Foreign Technical Assistance EU-IPA Project 2009Implemented the most part of the activities foreseen in the working plan of the project compiled by the consultant FIIAP-Progeco in accordance with needs and in cooperation of the Beneficiary (KMDP) and approved by the EU Delegation (Contracting Authority);Commissioner requested officially EUD for extension to continue the project activities-Approved.Partnership Agreement, “Traveling with Privacy”, Macedonia-AlbaniaApplicationUnder EU Programme “IPA CBC Call for Proposal”Technical EvaluationReply, possibly September-October
14Thank You for the Attention! Questions? Flora ÇABEJ (POGAÇE)COMMISSIONER