1 Session 7: Points of Exposure. Course: A0334 / Pengendalian Lingkungan Online (Online Environment Control). Year: 2005. Version: 1/1.
2 Learning Outcomes
At the end of this session, students are expected to be able to explain points of exposure.
3 Outline of Material
Remote Working
Protecting Online Privacy
–The Need for a Privacy Statement
–Data Exports
–Security
–Spamming and Direct Marketing: The Current Law; The New Law
–Cookies, Web Crawlers, Spiders, Web Bugs
–Conclusion
4 Remote Working
In today's Internet-driven world the use of teleworkers is becoming more common. This is good for both workers and businesses: it reduces overheads and travelling time, increases productivity through flexible working, and allows companies to recruit the quality of staff they need even when those staff do not live near the company's offices.
5 Once the main method of connecting the remote worker to the corporate system was a point-to-point dial-up connection; now, with technological advances and increasing Internet-driven business activity, remote workers can connect from anywhere in the world, which also means the corporate system is reachable from anywhere in the world. Directors, under the new data protection laws, are legally responsible for the information held on corporate networks about their employees and customers.
6 Protecting Online Privacy
In recent years, laws protecting the privacy of individuals whose personal data is stored or processed have proliferated internationally.
7 In particular, the eight data protection principles in the Act (the UK Data Protection Act 1998) must be complied with, namely:
–Personal data shall be processed fairly and lawfully.
–Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes.
–Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
–Personal data shall be accurate and, where necessary, kept up to date.
–Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
8
–Personal data shall be processed in accordance with the rights of data subjects.
–Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
–Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
9 Persons who suffer harm as a result of unlawful processing or other breaches of the Act are also entitled to claim damages against the business concerned. There are also special rules for 'sensitive personal data' (ethnicity, health records, membership of a trade union, etc.), which may be processed only under narrower conditions.
10 The Need for a Privacy Statement
Where a business collects personal data (for example, contact details and other data such as customer preferences) via a web page or email, the business must ensure that the personal data is fairly and lawfully processed. It must also be obtained only for one or more specified and lawful purposes and must not be processed in a manner incompatible with those purposes.
11 In practice this includes making sure that you have an online privacy statement in the proper form, which is brought to the attention of those submitting personal data. The privacy statement must clearly set out the purposes for which the data is collected and processed.
12 Data Exports
The current law (the eighth principle) is that personal data may be transferred outside the European Economic Area only if the country or territory receiving the data ensures an adequate level of protection.
13 Security
The seventh data protection principle requires that 'appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data'. In other words, the data must be kept secure. This is particularly important when the data is accessible online, where a misconfiguration or compromise can expose it to anyone on the Internet.
14 Spamming and Direct Marketing
–The Current Law
–The New Law
15 The Current Law
The current law in this area is complex, involving the Data Protection Act 1998 and the Telecommunications (Data Protection and Privacy) Regulations 1999.
16 The New Law
The 2002 Directive on Privacy and Electronic Communications (the 'Directive'), which had to be transposed into UK law by 31 October 2003, sets out a new regime regulating unsolicited communications for direct marketing sent by:
–Automatic calling machines (automated calling systems operating without human intervention)
–Fax
–Electronic mail (this includes SMS text messages)
17 Cookies, Web Crawlers, Spiders, Web Bugs
These technologies allow a website, and potentially third parties, to record information about you and your activity. A 'cookie' is a small piece of data that your browser stores on your computer when you visit a website and sends back to that website on later requests. Its purpose is to recognise repeat visits (e.g. by a subscriber to the site), and it can also be used to gather information about you. Web bugs (typically tiny, invisible images embedded in a web page or HTML email that fetch a resource from a tracking server), spyware and other similar devices can be used to gain access to information on your computer, to store hidden information and to trace your activities.
18 The new Directive sees 'cookies' as a legitimate and useful tool. However, web bugs and similar devices are seen as a serious threat to privacy, and they must be used only for legitimate purposes and with the knowledge of the users concerned.
19 The use of 'cookies' is permitted provided that:
–The user is given clear and comprehensive information about the use to be made of the information gathered by the cookie; this must be made as 'user friendly' as possible.
–The user has the opportunity to refuse the cookie. However, access to a website can be made conditional on the user's well-informed acceptance of a cookie.
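To make the two mechanisms on the previous slides concrete, the following is an added example (not code from the original slides): it parses the Cookie header a browser sends back, issues an identifying cookie only once the user has been informed and has accepted, and scans a page for web bugs (tiny or third-party images carrying an identifier). All host names, cookie names and the sample HTML are constructed for the illustration; the web-bug check is a heuristic that flags candidates for review rather than a definitive test.

```javascript
// Added example, not from the original slides. Hosts, names and markup are constructed.

// --- Cookies ---------------------------------------------------------------
// The browser returns stored cookies on every request to the site that set
// them, as one "Cookie: a=1; b=2" header. Parse it into name/value pairs.
function parseCookieHeader(header) {
  const jar = {};
  for (const part of header.split(";")) {
    const idx = part.indexOf("=");
    if (idx === -1) continue;                       // ignore fragments without "="
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (!name) continue;
    try { jar[name] = decodeURIComponent(value); } catch { jar[name] = value; }
  }
  return jar;
}

// Consent-gated Set-Cookie builder: an identifying cookie is only issued once
// the user has been informed and has accepted. Returns null otherwise, so the
// site either works without the cookie or (as the Directive allows) refuses
// access. Secure/HttpOnly/SameSite limit who can read or trigger the cookie,
// which is part of keeping the data secure (seventh principle).
function buildSetCookie(name, value, consent, { maxAgeSeconds = 31536000 } = {}) {
  if (!consent || !consent.informed || !consent.accepted) return null;
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// --- Web bugs --------------------------------------------------------------
// A web bug is usually a 1x1 (often invisible) image whose URL points at a
// tracking host and carries an identifier, so each page view or email open is
// reported to that host. Flag <img> tags that are 1x1, or that load from a
// different host than the page and carry query parameters.
function findWebBugs(html, pageHost) {
  const bugs = [];
  for (const tag of html.match(/<img\b[^>]*>/gi) || []) {
    const attr = (n) => {
      const m = tag.match(new RegExp(`\\s${n}\\s*=\\s*["']?([^"'\\s>]+)`, "i"));
      return m ? m[1] : null;
    };
    const src = attr("src");
    if (!src) continue;
    let url;
    try { url = new URL(src, `https://${pageHost}/`); } catch { continue; }
    const tiny = attr("width") === "1" && attr("height") === "1";
    const thirdParty = url.hostname !== pageHost;
    const hasId = [...url.searchParams.keys()].length > 0;
    if (tiny || (thirdParty && hasId)) {
      bugs.push({ src: url.href, host: url.hostname, tiny, thirdParty, hasId });
    }
  }
  return bugs;
}

// Constructed sample page: a normal logo, a tracking pixel, a third-party ad.
const samplePage = `
<html><body>
<img src="/images/logo.png" width="120" height="40" alt="logo">
<img src="https://track.example/pixel.gif?uid=4f2a&page=home" width="1" height="1">
<img src="https://ads.example/banner.png?cid=9" width="300" height="250">
</body></html>`;

console.log(parseCookieHeader("session=abc123; prefs=lang%3Den; junk"));
console.log(buildSetCookie("uid", "4f2a", { informed: true, accepted: false }));
console.log(buildSetCookie("uid", "4f2a", { informed: true, accepted: true }));
console.log(findWebBugs(samplePage, "www.shop.example"));
```

Run with `node` to see the parsed jar, the `null` returned while consent is withheld, the cookie issued after acceptance, and the two flagged images (the 1x1 pixel and the third-party image carrying an identifier); the same-host logo with no parameters is not flagged.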
20 Conclusion
Dealing with online privacy issues is just part of dealing with data protection compliance more generally.
21 Areas typically included in any compliance programme are:
–Existence and role of a compliance officer, and management involvement
–Internal staff policies, and awareness of procedures and of sanctions for non-compliance
–Website privacy statements and processes for collecting personal data; duration of data retention
–Staff monitoring
–Handling of requests by data subjects to access their personal data
–Security standards applied (both technical and operational)
22 Looking more specifically at online privacy issues, privacy statements are essential wherever addresses or other personal data are collected. Where email addresses or telephone numbers are to be used for direct marketing (e.g. by email or SMS), best practice is to obtain prior 'explicit' consent, for example by a tick in an 'I consent' box on a web form. Information about cookies must also be provided, and users must be able to refuse them.