Presentation is loading. Please wait.

Presentation is loading. Please wait.

International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW.

Published byTristin Croucher Modified over 9 years ago

Similar presentations

Presentation on theme: "International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW."— Presentation transcript:

1 International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW Case Studies on Data Protection Violations Zambia, August 2013 Gertrude Mukuwa National Expert on Data Protection

2 Summary of the Content International case studies on data protection law violations Reveals the approach of the Data Protection Commissioner/ Authority Reveals how the Data Protection Act and the principles are interpreted

3 Allianz requesting excessive personal information at quotation stage (Ireland)  The insurance agent asked the potential provide her date of birth and her mother's maiden name for a quote for pet insurance.  The data protection law in Ireland provide that personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are collected or are further processed  Following intervention, Allianz confirmed its intention to cease using its ID verification screen and request for mothers maiden name at quotation stage.

4 Unlawful use of CCTV to remotely monitor an employee (Ireland)  Complaint to Commissioner - personal privacy was affected in workplace - inappropriate use of CCTV.  Phone calls from the employer allegedly described to him what he had been doing at a particular time.  Employee said that the CCTV system was installed without prior staff notification as to the reason for its installation or its purpose.  Commissioner noted rule that CCTV be proportionate response to risk taking into account of the legitimate privacy and other interests of workers. Furthermore requirement of meeting transparency staff must be informed – Employer ordered to cease use of CCTV.

5 Credit card transaction – use of details from previous transaction without consent (Ireland)  A customer of a car rental company alleged that the company had used his credit card data – obtained in a previous transaction – to process a disputed charge without his consent, and in spite of his objections to the charge  The specific data protection issue in this case was whether the rental firm obtained and processed the complainant's credit card details fairly, with the appropriate level of consent from the individual.  Commissioner “credit card data obtained for a particular transaction cannot be used subsequently for other transactions without express consent, without violating the ‘fair obtaining’ rule. The principle of transparency and fairness, which are key tenets of data protection law and practice, apply in this area just as in any other”

6 Bank of Scotland – appropriate and effective security measures (UK)  5 August 2013  A monetary penalty notice has been served to the Bank of Scotland after customers’ account details were repeatedly faxed to the wrong recipients. The information included payslips, bank statements, account details and mortgage applications, along with customers’ names, addresses and contact details.  75 000 pounds monetary penalty http://www.ico.org.uk/enforcement/~/media/documents/library/Data_Protection/Notices/ban k-of-scotland-monetary-penalty-notice.pdf

7 NHS Surrey - appropriate and effective security measures (UK)  12 July 2013  A monetary penalty notice has been served on NHS Surrey following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site. Whilst NHS Surrey has now been dissolved outstanding issues are now being dealt with by the Department of Health.  A member of the public informed the data controller that he had purchased a PC with confidential medical information from a third party company (the “third party company”) via an online auction site. Files contained confidential sensitive personal data and HR records including patient records relating to approximately 900 adults and 2000 children  200 000 pounds monetary penalty http://www.ico.org.uk/enforcement/~/media/documents/library/Data_Protection/Notices/nhs- surrey-monetary-penalty-notice.pdf

8 Glasgow City Council - appropriate and effective security measures – encryption of laptops (UK)  7 June 2013 A monetary penalty notice has been served to Glasgow City Council, following the loss of two unencrypted laptops, one of which contained the personal information of 20,143 people.  150 000 pounds penalty http://www.ico.org.uk/enforcement/~/media/documents/library/Data_Protection/Notices/Gla sgow-city-council-monetary-penalty-notice.ashx

9 Concluding Thoughts Case studies reveal the approach of the Data Protection Commissioner/ Authority Reveals how the Data Protection Act and the principles are interpreted Private and public sector, as data controllers, must assess their practices against the requirements of the Act A transition period must be applied in the Bill for organisations to conform their practices Ultimately, it is important that an Authority is established to enforce the Bill and realise data protection safeguards in Zambia

10 Thank You Questions? Gertrude M. Imbwae National Legal Expert on Data Protection

Download ppt "International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, TRAINING /DATA PROTECTION LAW."

Similar presentations

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.

THE DEPARTMENT OF HEALTH AND HUMAN SERVICES (HHS) OFFICE FOR CIVIL RIGHTS (OCR) ENFORCES THE HIPAA PRIVACY, SECURITY, AND BREACH NOTIFICATION RULES HIPAA.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry.

International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa, Meeting with the Namibia ICT Ministry.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Similar presentations

Ads by Google