Insufficient personal data protection: Personal Data Protection Act
Personal data security (§ 13)

The controller shall be obliged to adopt measures preventing unauthorised or accidental access to personal data, their alteration, destruction or loss, unauthorised transmission, other unauthorised processing, as well as other misuse of personal data. This obligation shall remain valid after terminating personal data processing.

Changes
- Security zone
- Permits necessary to access data
- Regular changes of passwords
- Avoidance of public discussions of private affairs of third parties
- Locking of cupboards where personal data are kept

Breach of § 13
- Discarded documentation
- Insufficient shredding of old documentation
- Insufficient security of personal data after terminating business
- Release: acting bona fide, incautiousness, failure of an individual

Health reports

Personal data

Waiting room

Non-secure web (screenshot of an Internet banking login form served without HTTPS: "ABC Registration LINE 24", Name: Hans Solo, Password: ******, URL fragment l24/ib/base/login?execution=)

Trade register (screenshot of a public register entry: Main data; Identification number; firm: Hans Solo; Place of business: W. Churchill 1, Praha; Legal form: 101 – natural person; Date of birth:)

§ 13 par. 2

The controller or the processor shall be obliged to develop and to document the technical-organisational measures adopted and implemented to ensure the personal data protection in accordance with the law and other legal regulations.

§ 13 par. 3

In the framework of measures pursuant to paragraph (1), the controller or the processor shall perform a risk assessment concerning (a) the carrying out of instructions for personal data processing by persons who have immediate access to the personal data, (b) prevention of unauthorized persons' access to personal data and means for their processing, (c) prevention of unauthorized reading, creating, copying, transferring, modifying or deleting of records containing personal data, and (d) measures enabling to determine and verify to whom the personal data were transferred.

§ 13 par. 3 in practice
- Checking of computer security: user names, passwords
- Security of buildings, rooms, cabinets
- External administration of the computer network, firewall

§ 13 par. 4

In the area of automatic processing of personal data, the controller or processor shall, in the framework of measures under paragraph 1, be obliged to
(a) ensure that the systems for automatic processing of personal data are used only by authorized persons,
(b) ensure that the natural persons authorized to use systems for automatic processing of personal data have access only to the personal data corresponding to their authorization, and this on the basis of specific user authorizations established exclusively for these persons,
(c) make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed, and
(d) prevent any unauthorized access to data carriers.

§ 13 par. 4 let. c): no exceptions

Logging: make electronic records enabling to identify and verify when, by whom and for what reason the personal data were recorded or otherwise processed.
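The three obligations of § 13 par. 4 (a) to (c) map directly onto a small access layer: an allow-list of authorised users, a per-user authorisation that limits which categories of records a user may read, and an audit record (when, by whom, for what reason, outcome) written on every attempt, denied attempts included. The following Python code is an added example written for this page, not code from the slides or from any real system; the users, record categories and records are constructed sample data.

```python
"""Added example: minimal personal-data access layer implementing § 13 par. 4 (a)-(c).
All users, categories and records below are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

# (b) specific user authorisations: which record categories each user may read
AUTHORISATIONS: Dict[str, Set[str]] = {
    "nurse.anna": {"health"},
    "clerk.pavel": {"contact"},
}

# constructed sample records; each record belongs to exactly one category
RECORDS: Dict[int, dict] = {
    101: {"category": "health", "subject": "Hans Solo", "data": "allergy: penicillin"},
    102: {"category": "contact", "subject": "Hans Solo", "data": "W. Churchill 1, Praha"},
}


@dataclass
class AuditEntry:
    """(c) one electronic record per processing attempt: when, who, what, why, outcome."""
    when: str
    who: str
    record_id: int
    reason: str
    outcome: str  # "granted" or "denied"


@dataclass
class PersonalDataStore:
    audit_log: List[AuditEntry] = field(default_factory=list)

    def read(self, user: str, record_id: int, reason: str) -> Optional[str]:
        """Return the record's data only if `user` holds an authorisation covering
        its category; every attempt, granted or denied, is appended to the audit log."""
        if not reason.strip():
            # a reason is part of the record the law requires, so refuse without one
            raise ValueError("a reason for processing is mandatory")
        now = datetime.now(timezone.utc).isoformat(timespec="seconds")
        record = RECORDS.get(record_id)
        allowed = (
            user in AUTHORISATIONS                           # (a) authorised person only
            and record is not None
            and record["category"] in AUTHORISATIONS[user]   # (b) matching authorisation
        )
        self.audit_log.append(
            AuditEntry(now, user, record_id, reason, "granted" if allowed else "denied")
        )
        return record["data"] if allowed else None


def demo() -> dict:
    """Run three accesses and summarise what the store returned and logged."""
    store = PersonalDataStore()
    return {
        "nurse_health": store.read("nurse.anna", 101, "treatment"),   # granted
        "clerk_health": store.read("clerk.pavel", 101, "curiosity"),  # denied: wrong category
        "unknown_user": store.read("intruder", 102, "test"),          # denied: not authorised
        "denied_count": sum(e.outcome == "denied" for e in store.audit_log),
        "log_size": len(store.audit_log),
    }


def reason_is_required() -> bool:
    """True if the store refuses a read that carries no reason."""
    try:
        PersonalDataStore().read("nurse.anna", 101, "   ")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The audit log is append-only from the application's point of view; in a real deployment it would be written to storage the application user cannot modify, so that the "by whom and for what reason" record survives a compromised account.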

Pseudonymous data

Name      Class  School       Town    Handicap
Maria     4B     HS Hradecka  Praha   3
Lucie     5A     HS Hradecka  Praha   4
Hata      5A     G Mostecka   Brno    4
Kilian    4B     P Bila       Plzen   2
Scarlett  1      G Jeseniova  Hradec  1
Kim       2      G Jeseniova  Hradec  2
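The table above is the slide's illustration of pseudonymous data: the name column is not a full identity, but class, school and town together still single out each pupil. The Python below is an added example written for this page (not the slides' own material) that replaces names with a keyed pseudonym and then measures how identifying the remaining columns are by computing the k-anonymity of the quasi-identifiers; the rows are transcribed from the table, the HMAC key is a constructed placeholder, and the column names are this example's own choice.

```python
"""Added example: pseudonymise the slide's table and measure re-identification risk.
Rows are transcribed from the slide; the key below is a constructed placeholder."""
import hashlib
import hmac
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# rows from the slide table (constructed transcription; Handicap is the sensitive attribute)
ROWS: List[Dict[str, object]] = [
    {"name": "Maria",    "class": "4B", "school": "HS Hradecka", "town": "Praha",  "handicap": 3},
    {"name": "Lucie",    "class": "5A", "school": "HS Hradecka", "town": "Praha",  "handicap": 4},
    {"name": "Hata",     "class": "5A", "school": "G Mostecka",  "town": "Brno",   "handicap": 4},
    {"name": "Kilian",   "class": "4B", "school": "P Bila",      "town": "Plzen",  "handicap": 2},
    {"name": "Scarlett", "class": "1",  "school": "G Jeseniova", "town": "Hradec", "handicap": 1},
    {"name": "Kim",      "class": "2",  "school": "G Jeseniova", "town": "Hradec", "handicap": 2},
]

# columns that do not name a person but can be matched against outside knowledge
QUASI_IDENTIFIERS: Tuple[str, ...] = ("class", "school", "town")


def pseudonymise(rows: Sequence[dict], key: bytes) -> List[dict]:
    """Replace the name with an HMAC-SHA256 pseudonym.
    The key is what makes the pseudonym reversible only for the key holder,
    so it must be stored separately from the pseudonymised data set."""
    out = []
    for row in rows:
        tag = hmac.new(key, str(row["name"]).encode("utf-8"), hashlib.sha256).hexdigest()
        new_row = dict(row)
        new_row["name"] = tag[:12]  # truncated for readability; still deterministic per key
        out.append(new_row)
    return out


def equivalence_classes(rows: Sequence[dict], quasi: Tuple[str, ...] = QUASI_IDENTIFIERS) -> Counter:
    """Group rows by their quasi-identifier values; each group is an equivalence class."""
    return Counter(tuple(row[q] for q in quasi) for row in rows)


def k_anonymity(rows: Sequence[dict], quasi: Tuple[str, ...] = QUASI_IDENTIFIERS) -> int:
    """The data set is k-anonymous for the smallest equivalence class size k."""
    return min(equivalence_classes(rows, quasi).values())


def singletons(rows: Sequence[dict], quasi: Tuple[str, ...] = QUASI_IDENTIFIERS) -> List[tuple]:
    """Quasi-identifier combinations that match exactly one row, i.e. uniquely identifying ones."""
    return [combo for combo, n in equivalence_classes(rows, quasi).items() if n == 1]


if __name__ == "__main__":
    pseudo = pseudonymise(ROWS, b"placeholder-key-keep-elsewhere")
    for row in pseudo:
        print(row)
    print("k with class+school+town:", k_anonymity(pseudo))
    print("k with school+town only: ", k_anonymity(pseudo, ("school", "town")))
    print("uniquely identifying combinations:", singletons(pseudo, ("school", "town")))
```

With all three quasi-identifiers every row is its own equivalence class (k = 1), and even after dropping the class column two pupils remain unique, which is why the slide treats this table as still being personal data rather than anonymous data.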

Thank you for your attention