beerport.blogg.se - Basic data privacy principles

#Basic data privacy principles manual#

This mechanism can enable data subjects to determine whether their personal information is being processed in line with applicable data protection laws and whether their rights are being upheld. Most data protection laws provide for data subjects to request and be given access to the information being held about them by a controller. In addition to giving effect to the right to privacy, data protection laws also typically facilitate a right of access to information.

Accountability: Those who collect and process personal data must be able to demonstrate their compliance with these principles.

Data subjects have the right to challenge their data and to have it amended if it is inaccurate, or erased if that is appropriate. This data must be provided within a reasonable period of time, in a form that is readily intelligible, and at a cost that is not excessive.

Individual participation: Individuals must have the right to obtain information about their personal data held by others.

Openness: There should be a general policy of openness about developments, practices, and policies with respect to personal data.

Security safeguards: Personal data should be protected by reasonable security safeguards to maintain its integrity and confidentiality.

Use limitation: Personal data must not be disclosed, made available, or used for other purposes except with the consent of the individual or where authorised by law.

Personal data should only be used for such other purposes as are compatible with applicable laws, such as archiving data that is in the public interest, or for scientific research.

Purpose specification: Personal data must be collected only for specified, explicit, and legitimate purposes.

Data quality: Personal data must be accurate at the point of collection, and reasonable steps must be taken to ensure its accuracy is maintained over the period of retention.

Collection limitation: Personal data must be obtained and processed lawfully, fairly, and, to the extent possible, transparently.

The Personal Data Protection Guidelines for Africa( 1) ( Data Protection Guidelines), a joint initiative of the Internet Society ( ISOC) and the AU, sets out key data protection principles that appear across most frameworks:( 2) While there may be differences across jurisdictions, there are also a number of governing principles that appear in most data protection frameworks.

This module explores data protection authorities in more detail below under Use of data protection authorities to vindicate the right to privacy. A data protection authority is a type of independent authority or public body established to monitor and enforce compliance with a data protection framework.

#Basic data privacy principles manual#

Processing usually refers to a wide range ofactions that can be performed on personal information including collection, organisation, storage, alteration, retrieval, sending, or deletion, and includes both manual and automated means.A data controller, which can typically be either a public or private body, is the person or entity responsible for processing the personal information about the data subject.A data subject is any person to whom this information relates – in other words, a person whose rights are at stake.Personal information or an equivalent term generally refers to any information relating to an identified or identifiable natural person which can be used to identify them, whether directly or indirectly, such as their name, contact details, age, race, gender, sexual orientation, health information, financial information, employment details, political or religious views, or biometric information.Data protection laws are aimed at protecting and safeguarding the processing of personal information (or personal data).Īlthough the specific definitions and terms may vary, most data protection laws set out similar basic concepts: Module 4: Privacy and Security Online Key principles for data protectionĭata protection is one of the primary measures through which the right to privacy is given effect.