Presentation is loading. Please wait.

Presentation is loading. Please wait.

Insufficient personal data protection Personal Data protection Act.

Published byAmi Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Insufficient personal data protection Personal Data protection Act."— Presentation transcript:

1 Insufficient personal data protection Personal Data protection Act

2 The personal data security § 13 The controller shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid after terminating personal data processing.

3 Changes - Security zone - Permits necessary to access data - Regular changes of passwords - Avoidance of public discussions of private affairs of third parties - Locking of cupboards where personal data are kept

4 Breach of § 13 Discarded documentation Insufficient shredding of old documentation Insufficient security of personal data after terminating business Release Acting bona fide Incautiousness Failure of an individual

5 Health reports

6

7 Personal data

8 Waiting room

9 Non-secure web Internet banking ABC Registration LINE 24 Name : Hans Solo Password: ****** https://www.line24.cz/ebanking- l24/ib/base/login?execution=123456789

10 Trade register Main data Identification number: 6050000 firm: Hans Solo Place of business: W. Churchill 1, Praha Legal form: 101 – natural person Date of birth: 25.1.1967

11 § 13 par. 2 The controller or the processor shall be obliged to develop and to document the technical-organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.

12 § 13 Par. 3 3) In the framework of measures pursuant to paragraph (1), the controller or the processor perform a risk assessment concerning (a) the carrying out of instructions for personal data processing by persons who have immediate access to the personal data, (b) prevention of unauthorized persons' access to personal data and means for their processing, (c) prevention of unauthorized reading, creating, copying, transferring, modifying or deleting of records containing personal data, and (d) measures enabling to determine and verify to whom the personal data were transferred.

13 § 13 par. 3 Checking of computers security – names, Passwords Security of buildings, rooms, cabinets External administration of computer network, Firewall

14 § 13 par. 4 In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to (a) ensure that the systems for automatic processing of personal data are used only by authorized persons, (b) ensure that the natural persons authorized to use systems for automatic processing of personal data have access only to the personal data corresponding to their authorization, and this on the basis of specific user authorizations established exclusively for these persons, (c) make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed, and (d) prevent any unauthorized access to data carriers.

15 § 13 par. 4 let. c) § 13 par. 4 let. c) No exceptions Logging – make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed

16 Pseudonymous data Name Class School Town Handicap Maria 4B HS Hradecka Praha 3 Lucie 5A HS Hradecka Praha 4 Hata 5A G Mostecka Brno 4 Kilian 4B P Bila Plzen 2 Scarlett 1 G Jeseniova Hradec 1 Kim 2 G Jeseniova Hradec 2

17 Kamila.Bendova@uoou.cz Thank for your attention

Download ppt "Insufficient personal data protection Personal Data protection Act."

Similar presentations

Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
April 23, 20101 Massachusetts’ New Data Security Regulations: Ten Steps To Compliance Amy Crafts 617.526.9658.

April 23, Massachusetts’ New Data Security Regulations: Ten Steps To Compliance Amy Crafts
Handling information 14 Standard.

Handling information 14 Standard.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.

Similar presentations

Ads by Google