Asian Privacy Certification

Outline of the Body of Knowledge for the Certified Information Privacy Professional/Asia (CIPP/A)

I. Privacy Fundamentals
   A. Modern Privacy Principles
      a. The Organisation of Economic Cooperation and Development (OECD) Guidelines Governing the Protection of Privacy and Trans-border Data Flows of Personal Data (1980)
      b. The Asia Pacific Economic Cooperation (APEC) privacy principles
      c. Fair Information Practices (FIPs)
      d. Universal Declaration of Human Rights (1948)
   B. Adequacy and the Rest of the World
      a. Europe and the General Data Protection Regulation (GDPR)
      b. Deemed adequate: New Zealand, Canada, Israel, Argentina, Uruguay
      c. United States and the EU-U.S. Privacy Shield
      d. Deemed not adequate: Australia, Mexico, Korea, Japan, Taiwan
   C. Elements of personal information
      a. Personal data (EU) (HK) (SG)
      b. Personally identifiable information (U.S.)
      c. Sensitive personal data information (IND)
      d. Pseudonymisation, de-identification and anonymisation

II. Singapore Privacy Laws and Practices
   A. Legislative history and origins
      a. Singapore government and legal system
         i. Political structure
      b. Social attitudes toward privacy and data protection
      c. Surveillance and identification
      d. Constitutional protections
      e. Common law protections
      f. Sector-specific protections
   B. Personal Data Protection Act 2012 (PDPA)
      a. Application and scope
         i. PDPA predecessor: National Internet Advisory Committee (NIAC) 2002 Report, Report on a Model Data Protection Code for the Private Sector
         ii. Extraterritorial reach
         iii. PDPA definitions
            a. Personal data
            b. Business contact information
            c. Data intermediary
            d. Publicly available
            e. Survivorship
         iv. Do Not Call Registry
            a. Specified message
         v. PDPA in an employment setting
         vi. Exemptions
            a. Public-sector
            b. Response to emergency
            c. National interest
            d. Investigations in legal proceedings
            e. Evaluative purposes
            f. Journalism and media
      b. Key concepts and practices
         i. Data protection officer
         ii. Staff training
         iii. Consent and exceptions to consent
         iv. Use
         v. Disclosure
         vi. Safeguarding/Security
         vii. Accountability and openness
         viii. Access and correction
         ix. Retention and deletion
         x. Transfer out
   C. Enforcement
      a. Monetary Authority of Singapore
         i. Regulations and guidances
         ii. Notices on Prevention of Money Laundering and Countering the Financing of Terrorism
         iii. Individual's access and rights
         iv. Protection of customer data
         v. Outsourcing
      b. Personal Data Protection Commission (PDPC)
      c. Decision in appealed commissioner rulings, complaints
         i. Complaint-based vs. audit-based
      d. Commissioner guidance and published positions
      e. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
      f. Penalties and sanctions
      g. Policy development and implementation
         i. Freedom of information legislation
         ii. Data transfers: doctrine of privity of contract for third-parties

III. Hong Kong Privacy Laws and Practices
   A. Legislative history and origins
      a. Hong Kong government and legal system
      b. Social attitudes toward privacy and data protection
      c. Surveillance and identification
      d. Constitutional protections
      e. Common law protections
   B. Personal Data (Privacy) Ordinance (PDPO)
      a. Application and scope
         i. PDPO definitions
            a. Personal data
            b. Publicly available data
            c. Sensitive personal data
            d. Prescribed consent
            e. Rights of data subject
         ii. Personal Data (Privacy) (Amendment) Ordinance 2012
            a. The New Guidance on Direct Marketing
         iii. Exemptions
            a. Journalism and news media
      b. Key concepts and practices
         i. Six Data Protection Principles (DPPs) and the Internet Data Guidance
            1. DPP1: Data Collections
            2. DPP2: Accuracy and retention
            3. DPP3: Data Use
            4. DPP4: Data security
            5. DPP5: Openness
            6. DPP6: Data access and correction
         ii. Due diligence exemption and exercise
         iii. Guidance on Personal Data Erasure and Anonymisation
         iv. Guidance on employment matters
         v. Data Transfer/Export, Ordinance Section 33
            a. Data processors
            b. Model contracts
   C. Enforcement
      a. The Office of the Privacy Commissioner for Personal Data
      b. Commissioner rules
      c. Commissioner guidance and published positions
         i. Octopus Rewards Ltd.
      d. Decisions in appealed commissioner rulings, complaints
      e. Personal Data (Privacy) Advisory Committee
      f. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
      g. Enforcement notice
      h. Policy development and implementation
         i. Law reform proposals for third-party benefit exception
      i. Privacy incidents: trends in commissioner expectations

IV. India Privacy Law and Practices
   A. Legislative history and origins
      a. Indian government and legal system
         i. Political structure
      b. Social attitudes toward privacy and data protection
      c. Surveillance and identification
         i. Credit Information Companies (Regulation) Act 2005
      d. Constitutional protections
         i. Article 21
         ii. The Right to Information Act 2005
         iii. The Protection of Human Rights Act 1993
      e. Common law protections
   B. Information Technology Act 2000 (IT Act)
      a. Application and scope
         i. Information Technology Act 2000
            a. Section 43
            b. Section 66A and its removal
         ii. Information Technology (Amendment) Act 2008 (ITAA)
            a. Section 43A
            b. Definitions
               i. Personal data
               ii. Sensitive personal data
               iii. Body corporate
         iii. Rights of data subjects
         iv. Exemptions
            a. Religious and social, charitable organisations
            b. Non-commercial organisations
            c. Non-automated data
      b. Section 43A and the 2011 Rules: Rules 3-8
         i. Privacy policies required: Rule 3
         ii. Data protection principles: Rule 4
            a. Consent and purpose limitation
            b. Lawful purpose and minimal collection
            c. Notice and purpose limitation
            d. Retention
            e. Use
            f. Subject access and correction
            g. Option to refuse or withdraw consent
            h. Security
            i. Complaint handling
         iii. Disclosure limitations and exceptions: Rule 5
         iv. Data processing: Rule 6
         v. Data export restriction: Rule 7
         vi. Reasonable security: Rule 8
   C. Enforcement
      a. The Ministry of Communication and Information Technology
      b. The Department of Electronics and Information (DeitY)
      c. The Telecom Regulatory Authority of India (TRAI) and Do Not Call Registry
         i. Banning Free Basics and Net Neutrality
      d. Commissioner rulings, appeals and complaints
      e. Penalties and sanctions
         i. IT Act Sections 43(b) and (g)
         ii. IT Act Sections 72 and 72A
      f. Commissioner guidance and published positions
      g. Grievance officers
      h. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
      i. Policy development and implementation
         i. Data transfers: doctrine of privity of contract for third-parties
      j. Public-sector exemption

V. Common themes among principle frameworks
   A. Comparing protections and principles
      i. Sensitive data protections
      ii. Children's data protections
      iii. Natural persons vs. legal persons
      iv. Data breach notification
      v. Public Registers
      vi. Surveillance
         a. National identity systems
            i. SingPass
            ii. HKID
            iii. India's UIDAI
         b. Legislation
            j. Hong Kong: PCPD Code of Practice on Identity Card Number and Other Personal Identifiers, 1997
      vii. Data processing and export
      viii. Intermediaries
      ix. Extraterritorial operations
   B. Rights of the data subject
      i. Domestic use
      ii. Breadth of exemption
         a. Hong Kong
            i. Chinese central government organisations
            ii. Media
         b. Singapore
            i. Public-sector
            ii. Public authorities
            iii. Publicly available information
            iv. Public agency
            v. Business contracted by Singapore government
         c. India
            i. Limited application for sensitive data
            ii. Limited application to providers not data subjects
            iii. Freedom of speech
            iv. Lack of openness