Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1."— Presentation transcript:

1 1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1

2 2 Learning Outcomes Pada akhir pertemuan ini, diharapkan mahasiswa akan mampu : Mahasiswa dapat menjelaskan Points of Exposure

3 3 Outline Materi Remote Working Protecting Online Privacy –The need for A Privacy Statement –Data Exports –Security –Spamming and Direct Marketing The Current Law The New Law –Cookies, Web Crawlers, Spiders, Web Bugs –Conclusion

4 4 Remote Working In today’s Internet-driven world the use of the teleworker is becoming more common. This is good for both workers and businesses as it reduces overheads and travelling time, increases productivity through flexible working and also allows companies to recruit the quality of staff they need even though they may not lie near the companies’ offices.

5 5 Once the main method of connecting the remote worker to the corporate system was through point-to-point dial-up connections; but now, with technological advances and increasing Internet- driven business activities, remote workers can easily connect from anywhere in the world. Directors, under new data protection laws, are now legally responsible for information held on corporate networks concerning their employees and customers.

6 6 Protecting Online Privacy In recent years laws protecting the privacy of individuals when personal data about them is stored or processed have proliferated internationally.

7 7 In particular the eight data protection principles in the Act must be complied with, namely: –Personal data shall be processed fairly and lawfully. –Personal data shall only be obtained for one or more specified and lawful purpose. –Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. –Personal data shall be accurate and, where necessary, kept up to date. –Personal data processed for any purpose or purposes shall not be kept for longer than is necessary.

8 8 –Personal data shall be processed in accordance with the rights of data subjects. –Approriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. –Personal data sahll not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

9 9 Persons who suffer harm as a result of unlawful processing or other breaches of the Act are also entitled to claim damages against the business concerned. There are also special rules for ‘sensitive personal data’ – ethnicity, health records,membership of a trade union, etc.

10 10 The Need for A Privacy Statement Where a business collects personal data – for example, contact details and other data such as customer preferences – via a web page or email, the business must ensure that the personal data is fairly and lawfully processed. It must also be obtained only for one or more specified and lawful purposes and must not be processed in a manner incompatible with these purposes.

11 11 In practice this includes making sure that you have an online privacy statement in the proper form, which is brought to the attention of those submitting personal data. The privacy statement must clearly set out the purposes for which the data is collected and processed.

12 12 Data Exports The current law is that personal data can only be exported outside Europe if the country to which the data is exported has an adequate level of protection.

13 13 Security The seventh data protection principle requires that ‘appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’. In other words, the data must be kept secure. This is particularly important when the data may be available online and where there is a risk that it may become available to others.

14 14 Spamming and Direct Marketing The Current Law The New Law

15 15 The Current Law The current law in this area is complex – involving the Data Protection Act 1998 and the Telecommunications (Data Protection and Privacy) Regulations 1999.

16 16 The New Law The 2002 Directive on Privacy and Electronic Communications (‘Directive’), which must be implemented into UK law before 31 October 2003, sets out a new regime regulating unsolicited communications for direct marketing sent by: –Automatic calling machines (use of automated calling systems without human intervention) –Fax –Electronic mail (this includes SMS text messages)

17 17 Cookies, Web Crawlers, Spiders, Web Bugs These technologies potentially allow third parties access to the contents of your computer. A ‘cookie’ is a small text file that is stored on the hard drive of your computer when you visit a website. Their purpose is to allow repeat visits (eg by a subscriber to the side) and they can also be used to gather information about you. Web bugs, spyware and other similar devices can be used to gain access to information on your computer, to store hidden information and to trace your activities.

18 18 The new Directive sees ‘cookies’ as a legitimate and useful tool. However, web bugs and similar devices are seen as a serious threat to privacy and they must only be used for legitimate purposes with the knowledge of the users concerned.

19 19 The use of ‘cookies’ is permitted provided that: –The user is given clear and comprehensive information about the use to be made of the information gathered by the cookie – this must be made as ‘user friendly’ as possible –The user has the opportunity to refuse the cookie. However, access to a website can be made conditional on the user’s well-informed acceptance of a cookie.

20 20 Conclusion Dealing with online privacy issues is just part of dealing with data protection compliance more generally.

21 21 Areas typically included in any compliance programme are: –Existence and role of a compliance officer and management involvement –Internal staff policies and awareness of procedures and sanctions for non-compliance –Website privacy statements and processes of collecting personal data; duration of data retention –Staff monitoring –Handling of requests by data subjects to access their personal data –Security standards applied (both technical and operational)

22 22 Looking more specifically at online privacy issues, privacy statements are essential when addresses or personal data are collected. Where email/telephone numbers are to be used for direct marketing (eg by email or SMS) then best practice will be to obtain prior ‘explicit’ consent, for example by a tick in an ‘I consent’ box on a web form. Information must also be put in place dealing with cookies and users must be able to refuse them.

23 23 The End

Download ppt "1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1."

Similar presentations

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
CHAPTER 4 E-ENVIRONMENT

CHAPTER 4 E-ENVIRONMENT
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
1 Pertemuan 3 Information at Risk Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 3 Information at Risk Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
1 Pertemuan 17 Organisational Back Up Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 17 Organisational Back Up Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Handling information 14 Standard.

Handling information 14 Standard.
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma

Similar presentations

Ads by Google