HOW TO PROCESS DATA IN VARIOUS GEO'S A COMPARATIVE ANALYSIS BY SANJEEV SINGH BHARWAN
1. HOW TO PROCESS DATA
A BASIC COMPARATIVE ANALYSIS
BY BHARWAN SANJEEV SINGH
2. INDIA, UNITED STATES, UNITED KINGDOM, AUSTRALIA, THAILAND, GERMANY, UAE, SAUDI ARABIA

INDIA
1. No specific law is applicable in relation to data processing in India.
2. Consent of the data subject is required under the interpretation of Section 72A of the IT Act.

UNITED STATES
1. The FTC requires that a company, once it has disclosed a privacy policy, should take care of its policy (although no law asks any company to disclose any privacy policy).
2. GLBA: if a financial organization wants to disclose information to a third party, it should intimate this to the data subject and take approval; the data subject can opt out as well.
3. Companies should have a written security policy, which should include:
   1. Data encryption.
   2. Authentication mechanisms.
   3. Frequent monitoring and testing.
   4. Theft prevention programme.
4. Under HIPAA, the minimum PHI should be used, requested and disclosed for any transaction.
5. Compliance with the HIPAA electronic transformation procedure.
6. Under Californian law, encryption of data is a prime requirement.

UNITED KINGDOM
1. DPA Part I Schedule I and DPA Part II Schedule 1 are to be complied with.
2. Data taken should not be excessive for the purpose.
3. Data should not be kept for longer than required.
4. Data is to be protected with appropriate technical / organisational measures.
5. Lawful processing is not defined, so the Data Processor must comply with all relevant rules and laws.

AUSTRALIA
1. The company has to comply with the 10 NPPs by the OAIC:
   i. How to collect the data.
   ii. How the organisation may use and disclose information.
   iii. Information to be kept unaltered and secure.
   iv. A policy in place to show how they protect the data collected.
   v. Access to information for the data subject.
   vi. No govt. data.
   vii. Policy of the company regarding data protection when data is moving outside Australia.
   viii. Higher standard for sensitive info (health, racial, ethnic, background, criminal record etc.).

THAILAND
1. The Data Controller should have an appropriate security system to protect stored information (no standard defined as such).
2. Data used or disclosed should be current and accurate.
3. Penalties: up to 18 months imprisonment and up to 20.000 Thai Baht fine.

GERMANY
1. Data reduction is the principle in Germany (one should use as little personal data as possible, strictly for the purpose only).
2. Express permission is required from BDSG or the Data Subject in advance. (The exception is an exemption under applicable law, or where the Data Subject has a justified interest.)
3. The reason for data collection must be defined.
4. Information should be available to the data subject at all times when requested.
5. Personal data must be deleted if it is no longer required for the purpose.

UAE
1. The only legal requirement in the UAE is that the processing of personal data should not be carried out without the prior consent of the individual / data subject.
2. Data laws are guided by local privacy protection directives mentioned at various places (no actual directive leads this concept).

SAUDI ARABIA
Data Controller is not defined in Saudi.
1. Only the limited information required to assess financial situation and ability to repay can be taken in relation to credit management. Article 2.2 and 3.1, Credit Regulation.
2. Collection data may only be processed in relation to the purpose. Article 2.2 and 3.1, Credit Regulation.