Data Protection Act
Mohammad Iqbal Dilmahomed Bocus ID: 1102196
Gulshan Gunputh ID: 1102191
Legallant Dony ID: 1102193
BSc (Hons) IT Upgrade PT

Data Protection Act
Privacy of data in the age of TECHNOLOGY
Information privacy, or data privacy, is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.
Reference from Wikipedia

What is Personal Data?
This can be defined as information that can identify a living person and allow an opinion to be expressed about that person.
Examples of sensitive personal data:
• Political and religious belief
• Racial and ethnic origin
• Membership of trade unions
• Details of sexual life
• Physical and mental health

Data Protection Act
Is a law designed to protect personal data.
It applies to all data storage media.

Definition of Data Protection Act as a Law
Create RIGHTS: for those who have their data stored
Make RESPONSIBLE: for those who store and process the data

Why do we need the Data Protection Act?
In this era of technology, the importance of having our personal data at hand is fundamental.
At any time or anywhere, we need our personal data to do transactions.
These sensitive data are stored on servers where anybody can have access to them.
In order to protect ourselves and our data, the DPA was passed to protect our privacy.

Purpose of the Data Protection Act
To control the way information is handled and to give legal rights to people who have information stored about them.

Data Protection Principles
1. Personal data shall be processed fairly and lawfully
• Identity of the data controller must be known
• Purpose for which the information is to be processed should be clear
• Other information relevant in the circumstances whereby the information pertaining to an individual might be disclosed

Principles of Data Protection Act
2. Personal information shall be obtained only for one or more specified purposes.
• This means that the processing must not be incompatible with the purpose it was originally intended for.

Principles of Data Protection Act (cont)
3. Personal data shall be adequate, relevant and not excessive
The data controller should capture only the minimum amount of personal information that is needed to fulfill the purpose of the processing properly.

Principles of Data Protection Act (cont)
4. Personal data shall be accurate and kept up-to-date
• This principle of the Data Protection Act states that data which are out-of-date are most likely to be regarded as excessive and irrelevant for their purpose.
• There are certain exceptions to this particular principle, which include the following:
  • The data controller has taken reasonable steps to ensure privacy
  • The information, while inaccurate, constitutes an accurate record obtained from the person concerned

Principles of Data Protection Act (cont)
5. Personal information shall not be retained for longer than is required for processing
• In order for this principle to be successfully implemented, there is a need for continuous appraisal of the information, as well as the purpose of its collection. In some special circumstances, the data can be retained after its processing based on the requirement of the business needs.

Principles of Data Protection Act (cont)
6. Processing should be carried out in accordance with the rights of the data subjects
Here is a list of the rights of the data subjects:
• Right to access personal information
• Right to object to automated decision making
• Right to object to direct marketing
• Right to object to certain processing likely to cause damage

Principles of Data Protection Act (cont)
7. Personal data shall be kept secure
• The data controller takes the necessary precautions to safeguard data against unauthorized access, processing, disclosure, damage or loss. The Data Protection Act takes into consideration two important factors:
  1. Cost of the security measure with regard to the nature of the information and the perceived harm that a security breach could cause
  2. The state of technological development at the time

Principles of Data Protection Act (cont)
8. Transfer of data to another country
The Data Protection Act prevents private information from being transferred to another country unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Definition of key words
• Data Subject
Data subjects are the people who have data held about them. Nowadays this includes you, me, everyone.
• Data Controller
A data controller is the person, business or organization controlling the collection, contents and use of personal data.

Definition of key words (cont)
• Data User
This is an authorized user within the organization or business who is given an ID and password that enables them to access data.
• Data Processor
The data processor is a person, other than an employee of the data controller, who has a written contract with the data controller and who processes personal data on behalf of the data controller.

Definition of key words (cont)
Commissioner
Mrs. Madhub is presently the commissioner in Mauritius. Her job is to:
• register all data controllers in Mauritius
• exercise control over all data processing activities in Mauritius
• investigate complaints
• undertake research in data processing and computer technology, amongst others.
More information at http://dataprotection.gov.mu/

Data Protection Office [PMO]
The Data Protection Office runs under the aegis of the Prime Minister's Office.
The role of the Data Protection Office is to safeguard the privacy rights of all individuals with regard to the processing of their personal data in Mauritius.
During 2009 and 2010, the office concentrated on the registration of about 10000-15000 data controllers in Mauritius.

Statistics
With the growing awareness of the existence of data protection laws, the Investigation Unit has received 11 complaints as at the end of December 2011.
The Investigators have successfully investigated 4 suspected cases of data breach.

Case where the DPA has been breached in Mauritius
(cont)
• On 26th June 2010, Dr Richard L Munisamy made a statement to the police at Point aux Canonniers station accusing Mr Sahrat Dutt Lallh, CEO of Mauritius Telecom, of contravening Section 29 of the Data Protection Act.
• According to a Mauritius Telecom employee, the private database of Orange customers' phone numbers had been released to the Alliance de l'Avenir, who had requested that Mauritius Telecom send a message to subscribers soliciting their support in the general elections of May 2010. Apparently, Mauritius Telecom made no charge for this service. It is understood that the case, OB732/10, has recently been transferred to regional headquarters at Piton, where the decision to prosecute will be taken.

Data Protection Act in Mauritius
Data Protection Act 2004 came into operation in February 2009.
Enforcement is through the Data Protection Office.

Our Rights
• The DPA gives everyone the right to see data that is held about them on a computer system and to have it changed if it is wrong!

Offences and Penalties
Any person who contravenes the DPA shall commit an offence.
Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.

Exceptions to the Law
There is some data you can't see.
If the data is held by the police, the security forces or the Inland Revenue, then access is denied.