ONLINE PRIVACY & DATA PROTECTION
VERINE ETSEBETH
INTRODUCTION
TRADITIONAL VERSUS ONLINE DATA PROTECTION
“We leave data everywhere we go”
“What happens to our data happens to ourselves”
“Who controls our data controls our lives”
CHALLENGES FACING ONLINE DATA PROTECTION
INTERNATIONAL LEGISLATIVE DEVELOPMENTS IN RESPONSE TO ONLINE PRIVACY CONCERNS
Individual country response:
1. EU
2. UK
3. CANADA
4. AUSTRALIA
5. USA
ESSENTIAL MEASURES INTRODUCED BY COUNTRIES:
1. Consent requirement mechanism
2. Access requirement mechanism
3. Onward transfer provisions
4. Notice requirement mechanism
5. Information security mechanism
6. Spam regulation
Importance of online privacy
Physical world privacy vs. online privacy:
• Past: personal information kept under lock & key in offices
• Now: electronically available, anywhere, anytime, anyplace
Problem: (1) electronic data is easily transferable; (2) businesses share information indiscriminately
Solution to the problem = Legislature introduced PROTECTION OF PERSONAL INFORMATION BILL (PPI Bill)
Natural persons & juristic persons
Natural persons: any individual
Juristic persons: any business entity. For example:
• Close Corporations
• Private & Public Companies
• Partnerships
• Businesses that have been incorporated
Personal information: information about an identifiable person, e.g.:
• gender, religion, race, etc.
• fingerprints, blood type (DNA)
• medical records
Data subject: the person who provides information about himself/herself
Data controller: the person who collects, processes, stores and uses information
Third party: person to whom data is disclosed
SA does not have separate legislation dealing exclusively with privacy protection
Applicable law is fragmented
Mirrors the EU Data Protection Directive
The data controller must disclose to the data subject the purpose(s) for which it is going to use the collected information
• Purpose must be stated with a relative degree of certainty
• Purpose may not be defined in general, vague terms
Before the data controller will be entitled to collect, use or process any personal information, it must obtain the prior written consent from the data subject to do so
• Consent requirement = key feature of PPI Bill
• Without consent no data that might have been collected may be used in any manner
• Unlawful usage can result in huge fines & possibility of imprisonment
Data controller must ensure that data which is collected is accurate, current and up-to-date
• Two token identification generally required in SA
When collecting, using and/or processing the personal information the data controller must at all relevant times inform the data subject of his/her rights
• This would entail informing the data subject EXACTLY which statutes protect him/her & what remedies are available to him/her if they feel their rights have been violated
A data controller may not retain the personal information collected for any period longer than is necessary for the stated purpose
The period for which the data controller decides to retain the information must therefore be reasonable & justifiable.
KEY QUESTION = can you motivate why you are still retaining the data collected to a court of law?
Position in America
• A data controller must destroy any collected information that is no longer needed or used by them.
• Destruction ≠ deletion
8. CROSS-BORDER TRANSFER OF INFO
Data controller must take adequate security measures to protect the confidentiality, integrity and availability of the information (CIA)
• Confidentiality: no unauthorised persons should be permitted to view the information (encryption and cryptography)
• Integrity: no unauthorised person may alter the information (encryption and digital signatures)
• Availability: information must be readily available on demand
Digital signatures & PKI
Any questions???