Personal Data Protection Act 2010
|
|
- Ursula Perry
- 5 years ago
- Views:
Transcription
1 Personal Data Protection Act 2010 CIOs - are you ready for PDPA? 15 th January 2013 PIKOM PDPA Awareness Seminar Presented by: Joanna Liew Director of Deloitte Consulting Malaysia
2 Agenda Time 4:00pm 4:30pm 4:45pm Event Registration Overview of PDPA Key Components of PDPA 7 Principles of PDPA Understanding the Core Pillars of the Act Rights of Data Subject Know Your Rights as an Employee and Consumer Compliance Requirements What Employers Need To Do Getting Ready for PDPA Potential Impact and Risks A Practical Approach for Operationalising PDPA in Your Organisation 6:00pm Question & Answer Session 2
3 Overview of PDPA 3
4 Personal Data Protection in Malaysia The Malaysian government gazetted the Personal Data Protection Act 2010 (PDPA) with the aim of regulating the collection, storage, processing and use of any personal data. It is not intended to obstruct the legitimate use of information but strives to ensure that it is used fairly via its principles. Applies to Any person who processes or authorizes the processing of any personal data in respect of commercial transactions Personal data processed in Malaysia Uses of equipment in Malaysia for processing personal data 4
5 The Malaysian Personal Data Protection Act Protect personal data belonging to the public from being misused through commercial transactions Why PDPA? Protection of sensitive data from being misused Facilitate international trade Protect consumer rights Commercial transactions means any transaction of a commercial nature, whether contractual or not, which includes any matters relating the supply or exchange of goods or services, agency, investments, financing, banking and insurance. But does not include a credit reporting agency under the Credit Reporting Agencies Act
6 What is Personal Data? Any personal information in respect of commercial transactions Personal Data means.. Relates directly or indirectly to a data subject Includes sensitive personal data e.g. physical or mental health, political opinions, religious beliefs, offences or any other data as the Minister may determine Expression of opinion about the data subject 6
7 PDPA Enforcement Timeline We are here today Companies are to be given an estimated 3 MONTHS* for compliance to PDPA Jun 10 Personal Data Protection Act 2010 was gazette Feb 12 Personal Data Protection Department was set up Jan 13 From April 13 onwards (estimation)* ENFORCEMENT 7 Organisations should act now! Note: * According to Deputy Minister Datuk Joseph Salang, Information Communication and Culture Ministry, at the 2nd Annual Personal Data Protection Summit (Bernama published on 12 th December 2012). At this point in time, no date has been set on the enforcement start date as it is dependent on the formation of the Personal Data Protection Commission and appointment of the Commissioner.
8 Personal Data Protection Department Organisation Chart 8
9 List of Countries with Data Protection Europe All countries Asia Pacific Japan, Korea, New Zealand, Hong Kong, Macao, Taiwan, Thailand, Philippines, Singapore (Indonesia, China - Midst of finalisation) South America Chile, Argentina, Brazil, Mexico North America Middle East United States Israel No action so far.. Cambodia Vietnam Brunei Laos, etc.. 9
10 Various Roles Pertaining to PDPA Individuals whose data is collected for processing Person or organization, authorized for the processing of data. Data Subject Data User Hold or process data but do not exercise responsibility or control the data Data Processor 3 rd Party Any other person or organization other than the data subject, data processor or data user 10
11 Key Components of PDPA 11
12 7 Principles of PDPA 12
13 The 7 Principles of PDPA General Access Notice & Choice Data Integrity The 7 Principles Disclosure Retention Security 13
14 Principle No. 1 General PERSONAL DATA shall be processed if :- The data subject has given consent The processing is necessary for or directly related to that purpose It is adequate and not excessive in relation to that purpose SENSITIVE DATA shall be processed if : Data subject has given explicit consent Processing is necessary for employment, vital interest, medical, legal, administration of justice and others where Minister thinks fit Information has been made public by data subject 14
15 Business Process Example of Personal Data First Name Last Name Address IC No Bank Account No Phone Number Sensitive Data Employee Information Personal Data: Name IC numbers, passport numbers Driver s license, birth certificate Bank account numbers Home address, personal phone no. Sensitive Personal Data: Race, religion, health, political opinion, offence records Individual Customer Information Personal Data: Name IC numbers, passport numbers Personal phone number Home address, address Bank account numbers Sensitive Personal Data Race, religion, health, political opinion, offence records Third Party Information (if any) Contact name, number, address, etc 15
16 Principle No. 2 Notice & Choice DATA SUBJECTS should be informed by written notice on:- their personal data is being processed and a description of the personal data is provided the purpose of the collection the source of the personal data their rights to: request access and correct contact the data user for enquiries and complaint be informed of the third parties to whom the data user discloses or may disclose the personal data Limit the choices and means of processing personal data whether it is obligatory or voluntary for the data subject to supply the personal data 16
17 Principle No. 2 Notice & Choice (Cont d) NOTICE shall be given soonest possible:- At the time the data subject is first asked by the data user to provide his personal data At the time the data user first collect the personal data Before data user uses the personal data or discloses to a 3 rd party NOTICE shall be given in national and English language 17
18 Principle No. 3 Disclosure No PERSONAL DATA shall be disclosed without the consent of data subject:- for any other purpose(s) other than the purpose(s) it was collected, or a purpose directly related to the purpose the data was collected to any other party 18
19 Principle No. 4 Security A DATA USER needs to take practical steps to protect the personal data from any:- 19 Loss Misuse Modification Unauthorised or accidental disclosure Alteration or destruction Need to consider the following:- The nature of personal data The harm that would result from such misconduct The place or location where the personal data is stored The security measures to ensure reliability and integrity Measures taken to ensure the security transfer of the personal data
20 Principle No. 5 Retention PERSONAL DATA processed for any purpose shall not be kept longer than is necessary for the fulfilment of that purpose. It shall be the duty of a data user to take all reasonable steps to ensure that ALL personal data is destroyed or permanently deleted if it is no longer required for the purpose it was collected. OR 20
21 Principle No. 6 Data Integrity Data user shall take reasonable steps to ensure that the personal data is:- Accurate Complete Not misleading Kept up-to-date by having regard to the purpose of the data 21
22 Principle No. 7 Access A DATA SUBJECT shall be given their rights and access to:- Their personal data, and The ability to correct that personal data if it is: Inaccurate Incomplete Misleading Not up-to-date 22
23 Rights of the Data Subjects 23
24 Rights of Data Subject & Obligations of Data User Rights to correct Rights to withdraw consent Rights to prevent processing likely to cause damage / distress Rights to access Rights of Data Subject Rights to prevent processing for purposes of direct marketing Obligations of Data Users Comply within 21 days 24
25 Compliance Requirements 2013 Deloitte Consulting
26 Registration with the Commissioner Gazette, published by the Minister will state the required data users or certain classes of data users who are required to register with the Commissioner Application for Registration Submit an application for registration to the Commissioner Provide a prescribed registration fee and required documents Success Failure Provide a written notice with reasons Issue certificate of registration 26 Registration Renewal Renew 90 days before date of expiry Submit an application for renewal Provide renewal fee and required documents
27 Registration with the Commissioner (Cont d) Revocation of Registration Conditions leading to revocation: Fail to comply with the Act, conditions and restrictions Provide false representation of fact Cease processing of personal data Fail to comply Fine RM500,000 or / & Imprisonment of 3 years or less Surrender of Certification of Registration Surrender within 7 days to the Commissioner Fail to comply Fine RM200,000 or / & Imprisonment of 2 years or less 27
28 Sectors of Data Users Affected by the PDPA Communications Tourism and Hospitality Services Banking and Financial Institutions Transportation Real Estate Insurance and Takaful Education Utilities Health Direct Selling and Direct Marketing All relevant Statutory Bodies 28
29 Exemptions 2013 Deloitte Consulting
30 Full Exemption Partial Exemption Exemptions of PDPA At the request of the data subject Performance of a contract where data subject is a party Compliance with legal obligation To protect vital interest of data subject Administration of justice Personal, family, household and recreational Crime Prevention/Detection Offenders Apprehension/Prosecution Tax/Duty Assessment/Collection Physical/Mental Health Statistics/Research Court Order/Judgment Regulatory Functions Journalistic/Literary/Artistic Other cases as prescribed by the Minister by order published in the Gazette 30
31 Breaches of the Act 2013 Deloitte Consulting
32 Fines & Penalties Not more than RM500,000 / Not more than 3 years or both Processes personal data without a certificate of registration Continues to process personal data after registration has been revoked Unlawful collecting, disclosing, selling of personal data, 32
33 Fines & Penalties Not more than RM300,000 / Not more than 2 years or both Contravenes with PDP Principles Transfer of personal data to a place outside Malaysia not specified by the Minister and not in the Gazette 33
34 Fines & Penalties Not more than RM250,000 / Not more than 2 years or both Contravenes with regulations and subsidiary legislation 34
35 Fines & Penalties Failure to surrender certificate of registration upon revocation Not more than RM200,000 / Not more than 2 years or both Contravenes with conditions in processing sensitive personal data Fails to comply with Commissioner s requirement Fails to comply with enforcement notice 35
36 Fines & Penalties Not more than RM100,000 / Not more than 1 year or both Refusal to comply with data correction request Non compliance with any code of practice applicable to data user Continues to process after withdrawal of consent to process personal data 36
37 Getting Ready for PDPA 37
38 Potential Privacy Related Risk to the Organization 38
39 Potential Privacy Related Risks Legal Risk Reputation Risk Financial Risk Fine & / or Imprisonment Reputation & Brand Damage Lost Sales, Investigations & Operational Clean Up Costs 39 * Reputational damage will be of most concern to organisations particularly given the media attention such incidents command
40 Violation Cases 40
41 Actual Cases: Pfizer 41
42 Actual Cases: Sony 42
43 43
44 Actual Cases: Apple Apps 44
45 Actual Cases: Google Street Australia Google is almost certain to face prosecution for collecting data from unsecured wi-fi networks, according to Privacy International (PI). The search giant has been under scrutiny for collecting wi-fi data as part of its StreetView project. June 9,
46 Actual Cases: Tesco 46
47 Actual Cases: Financial Institutions 47
48 Actual Cases: Malaysia 48
49 Actual Cases: Malaysia 49
50 Actual Cases: Malaysia 50
51 Portion of IT Budget Deloitte s IT-Business Balance Survey What portion of the IT Budget of your organization is spent every year on data security and data privacy? More than 10% Between 5% and 10% Between 3% and 5% Between 1% and 3% Americas (excld. USA) Asia-Pacific EMEA Less than 1% 51 Source: Deloitte IT-Business Balance Survey (%)
52 Surveys on Current Awareness of Organisations What is the current awareness level of the organisations on their security and privacy incidents? 52 Source: Deloitte IT-Business Balance Survey
53 A Practical Approach to PDPA Compliance 53
54 Organisation & Governance Governance Training and Awareness Key Considerations Physical Security Outsourcing Request for Access 54
55 Governance Reporting Lines 55
56 Human Resource Disclosure, Sharing & Selling of Information Notification Key Considerations Retention & Disposal of Records Access Request Handling Sensitive Information 56 EMPLOYMENT REFERENCES
57 Information Technology Data Usage & Monitoring Password Data Back-up & Archival Key Considerations Systems Implementation Portable Devices Security & Access 57
58 Information Technology Privacy Impact Assessments (PIA) for New System Implementation Privacy protection should be designed into a system, rather than bolted-on later. PIA is normally required for government projects but can be used as a guide for organisations to: o Start early to ensure that project risks are identified and appreciated before the problems become embedded in the design. o Commence a PIA as part of the project initiation phase (or its equivalent in whichever project method the organisation uses). o If the project is already under way, start today, so that any major issues are identified with the minimum possible delay. 58 Source:
59 Tips Towards Mobile Privacy 59 Source: Deloitte Knowledgebase
60 PDPA in Cloud Environment Service Models Identify the Data Controller Responsibilities of the Data Controller Selecting a Cloud Provider 60
61 Sales & Marketing Notification & Consent Campaigns Marketing Activities Key Considerations Mail/ Calls Faxes 61
62 Sales & Marketing Marketers: Prepare to Self-Regulate Audit your use of consumer data Rewrite privacy policies Emphasize user benefits 62
63 Notification (Examples) 63
64 Notification (Examples) 64
65 Notification (Examples) 65
66 Drafting a Good Privacy Notice At a minimum, a privacy notice should include the following: Sender is clearly identified Purpose and Use is defined very clearly Who are you disclosing the information to is indicated How to access (if applicable) Various mediums can be used to deliver privacy notices. i.e electronically, verbal, etc 66
67 Moving Forward with PDPA 67
68 How to Move Forward? Create awareness in the organisation Awareness of internal policies for securing personal data To create a culture of high awareness Knowing your current compliance level Understand the impact of PDPA Identify the gaps Designate a Chief Data Protection Officer or Committee Define an information protection strategy Develop short term compliance programmes Developing polices for PDPA Policies spanning across legal, IT, marketing, human resource, customer services, etc. Focus on end-to-end Data Privacy & Protection Governance processes, policies and procedures in line with PDPA Periodic compliance review Conduct annual compliance or specific audit checks What s your PDPA compliance roadmap? 68
69 Deloitte s 3A Approach Know the Law PDPA Implementation Lifecycle Comply & Fine Tune Understand the Gaps 69
70 Questions to Ponder on What are the common risks faced by your relevant department? i.e IT Department? From your perspective, what are the short term initiatives that you can implement? How would you as a key person in IT help promote awareness amongst your colleagues in your respective departments? 70
71 Question & Answer 71
72 Contact Us Joanna Liew Ho Sai Weng Kwan Wen Ching For inquiries in relation to PDPA 2010, please Alternatively, we can be contacted at:
73 Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
SCCCI Personal Data Protection Policy
SCCCI Personal Data Protection Policy At SCCCI, we are committed to protecting and safeguarding the personal data we collected from you. This Personal Data Protection Policy describes the types of personal
More informationSouthern Golden Retriever Rescue Data Protection Policy
Southern Golden Retriever Rescue Data Protection Policy Date: 16.05.18 V3 Next Policy Review Date by Trustees: May 2019 Contents 1. Introduction... 2 2. Policy... 2 3. Responsibilities... 2 4. Definitions...
More informationGLOBAL DATA PROTECTION POLICY URUP
Page 1 of 8 1. SCOPE AND INTRODUCTION GLOBAL DATA PROTECTION POLICY URUP 1.1. This document is intended to provide a policy under which URUP International Limited, its subsidiaries and affiliates and/or
More informationManagement of Personal Information Policy (Privacy Policy)
Management of Personal Information Policy (Privacy Policy) Henkel Australia and New Zealand Prepared by: Reviewed by: Human Resources Henkel Australia ANZ EXCOM Henkel Australia & New Zealand Approved
More informationJULY Personal data protection. law
JULY 2016 Personal data protection ASEAN s data: protected? Since computing power became a commercial reality, the value of data, especially in bulk, has escalated exponentially. Data today is a valuable
More informationYMCA SOUTH AUSTRALIA Privacy Policy
Policy Title: Author: YMCA SOUTH AUSTRALIA Created by: 1 P a g e Policy Title: Author: 1. Introduction considers the privacy of individuals, staff, volunteers, clients, Member Associations and associated
More informationPrivacy Policy. IS Industry Fund Pty Ltd ATF Intrust Super. Revision History. The table below sets out the history of this document.
IS Industry Fund Pty Ltd ATF Intrust Super Revision History The table below sets out the history of this document. Version Reasons for amendment Prepared by Date approved 1 Complete redrafting of the Privacy
More informationAll Sorts UK Limited Data Protection Policy 17 th May 2018
All Sorts UK Limited Data Protection Policy 17 th May 2018 1. Introduction This Policy sets out the obligations of All Sorts UK Limited, a company registered in England under number 03534972, whose registered
More informationPRIVACY NOTICE Use of Information Data Controller and Data Processor
PRIVACY NOTICE Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show
More informationBanks Sheridan Limited Data Protection Privacy Policy 19 May 2018
Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018 1. Introduction This Policy sets out the obligations of Banks Sheridan Limited ( the Company ) regarding data protection and the rights
More informationWelcome To Your Data Protection Journey. Paula Tighe Information Governance Executive
Welcome To Your Data Protection Journey Paula Tighe Information Governance Executive Legal Statement All information in this presentation is protected under copy right and where indicated protected under
More informationGuide to compliance with the Australian Privacy Principles. APP 1 Open and transparent management of personal information
Guide to compliance with the Australian Privacy Principles This guide provides a summary of each of the Australian Privacy Principles (APPs) prescribed under the Privacy Act 1988 (Cth), together with some
More informationLegal Compliance Education and Awareness. Privacy Act (Commonwealth)
Legal Compliance Education and Awareness Privacy Act 1988 (Commonwealth) Background The Privacy Act 1988 (Cth) applies to some private sector organisations and Commonwealth government agencies State government
More informationPrivacy Policy. Who we are. Definitions
Privacy Policy Your privacy is important to us and we are committed to being open and transparent about how we manage personal information. This helps build community trust and confidence in our organisation.
More informationBANK OF CHINA AUSTRALIAN OPERATIONS PRIVACY POLICY
BANK OF CHINA AUSTRALIAN OPERATIONS PRIVACY POLICY We, Bank of China Limited, Sydney Branch ABN 29 002 979 955 AFSL No. 230547 and Bank of China (Australia) Limited ABN 28 110 077 622 AFSL and Australian
More informationPersonal Data. Protection Policy
Personal Data Protection Policy Version 1 May 2018 Contents Terms Definitions... 3 1. Objective and Scope... 4 2. What are Personal Data?... 4 3. Who are affected by Personal Data Processing?... 4 4. What
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationPOSITIVE SOLUTIONS FAIR PROCESSING NOTICE
FAIR PROCESSING NOTICE P 1 POSITIVE SOLUTIONS FAIR PROCESSING NOTICE INTRODUCTION following: Positive Solutions (Financial Services) Ltd. Registered Individuals of Positive Solutions (Financial Services)
More informationWhat is a Fair Processing Notice (FPN)? To ensure that we process your personal data fairly and lawfully we are required to inform you:
Fair Processing Notice Intrinsic Financial Services ("Intrinsic") it's Appointed Representatives ("AR") and the AR's Advisers are committed to complying with the Data Protection Act 1998. As a financial
More informationASTRAZENECA GLOBAL POLICY DATA PRIVACY
ASTRAZENECA GLOBAL POLICY DATA PRIVACY This Global Policy sets out the requirements for ensuring that we collect, use, retain and disclose personal data in a fair, transparent and secure way. Personal
More informationJPMorgan recognises the importance of the personal information we hold about individuals and the trust they place in us.
JPMorgan Privacy Policy for use in its Australian Operations JPMorgan recognises the importance of the personal information we hold about individuals and the trust they place in us. By explaining our Privacy
More informationDATA PROTECTION POLICY. Little Baddow Parochial Church Council
DATA PROTECTION POLICY Little Baddow Parochial Church Council INTRODUCTION: The Data Protection Act 1998 ( the Act ) seeks to protect individuals against the unfair use of personal information. There are
More informationData Protection Privacy Notice for people not directly involved in the accident
Data Protection Privacy Notice for people not directly involved in the accident Purpose of this Privacy Notice MIB (or we ) respects your privacy and is committed to protecting your personal data. This
More information* Unless otherwise indicated, this policy will still apply beyond the review date.
Name of Policy Description of Policy Privacy Policy This policy sets out how ACU manages privacy obligations and reflects the 13 Australian Privacy Principles (APPs) from Schedule 1 of the Privacy Amendment
More informationData Protection Cayman Islands
Data Protection Cayman Islands Author: Martin S. Lane, Partner In June 2017, The Data Protection Law (the DP Law ) was published in the Cayman Islands Official Gazette. The DP Law will be brought into
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Author: Mrs A Taylor Approval needed Board of Directors by: Adopted (date): 6 December 2016 Date of next review: December 2017 Data Protection Policy Introduction The de Ferrers
More informationINTERNATIONAL SOS. Data Protection Policy. Version 1.8
INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 2017 All copyright in these materials are reserved to AEA International
More informationMobius Life Limited Data Privacy Notice
Mobius Life Limited Data Privacy Notice Introduction This data privacy notice confirms how Mobius Life Limited (referred to hereafter as our, us, we or MLL ) obtains, manages, uses, retains and destroys
More informationPrivacy Statement v 1.1
Privacy Statement v 1.1 Context and Overview This notice will take effect from 25/05/2018 Burke Insurances Ltd. is committed to protecting and respecting your privacy. It is the intention of this privacy
More informationERGO Versicherung AG UK Branch Data Privacy Notice
ERGO Versicherung AG UK Branch Data Privacy Notice This privacy notice is designed to help you, as a customer of ERGO Versicherung AG UK Branch (ERGO), to understand how we process your personal. You are
More informationCODE OF PRACTICE ON PERSONAL DATA PROTECTION FOR THE INSURANCE AND TAKAFUL INDUSTRY IN MALAYSIA
CODE OF PRACTICE ON PERSONAL DATA PROTECTION FOR THE INSURANCE AND TAKAFUL INDUSTRY IN MALAYSIA Code of Practice on Personal Data Protection for the Insurance and Takaful Industry in Malaysia Contents
More informationprivacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data
privacy notice privacy notice This privacy notice provides an overview of how Pancyprian Insurance Ltd (the Company ) processes your personal data. Personal data refers to any information relating to you
More informationDATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY
Directorate of Clinical and Quality Assurance & Trust Secretary DATA PROTECTION AND PERSONAL INFORMATION FAIR PROCESSING POLICY Reference: CQP013 Version: 1.1 This version issued: 07/03/13 Result of last
More informationPrivacy Policy. NESS Super is committed to respecting your right to privacy and protecting your personal information.
February 2018 Privacy Policy Our privacy commitment to you NESS Super is committed to respecting your right to privacy and protecting your personal information. We are bound by the provisions of the Privacy
More informationMONASH UNIVERSITY PRIVACY COMPLIANCE MANUAL
MONASH UNIVERSITY PRIVACY COMPLIANCE MANUAL Last updated: September 2009 TABLE OF CONTENTS Introduction...4 Checklist For Compliance With The Privacy Laws All Staff...5 Checklist For Compliance With The
More informationThe Pension and Life Assurance Plan of NG Bailey (Scheme) Privacy notice
The Pension and Life Assurance Plan of NG Bailey (Scheme) Privacy notice WHAT IS THE PURPOSE OF THIS DOCUMENT? The trustees are committed to protecting the privacy and security of your personal information.
More informationPrivacy Notice Student Loans Company Ltd
Privacy Notice Student Loans Company Ltd Student Finance England is the student finance service provided in England by the Student Loans Company Ltd. Student Finance Wales is the student finance service
More informationLOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS
LOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS 1. This template memorandum of understanding has been prepared for the Local Government Association. We understand that
More informationERGO Versicherung AG UK Branch Data Privacy Notice
ERGO Versicherung AG UK Branch Data Privacy Notice This data privacy notice is designed to help you understand how ERGO Versicherung AG UK Branch (ERGO) processes your personal data. This notice specifically
More informationFair Processing Notice
Fair Processing Notice Mortgage Select SW Ltd ( Mortgage Select ) and our advisers and staff are committed to complying with the Data Protection Act 1998. As a financial services intermediary Mortgage
More informationArcare Aged Care APP Privacy Policy
Arcare Aged Care APP Privacy Policy Introduction The purpose of this privacy policy is to outline the practices adopted by Arcare Aged Care (Arcare) for the management of personal and health information.
More informationFOIP and the Trustee. Presentation by Angela Town ASBA Legal Services January 21, 2014
FOIP and the Trustee Presentation by Angela Town ASBA Legal Services January 21, 2014 FOIP Freedom of Information and Protection of Privacy Act 2 About the FOIP Act public bodies framework within which
More informationKCSP Data Protection Policy
KCSP Data Protection Policy Approving Body Board of Directors Approval Date March 2017 Review Date March 2019 By knowledge the upright are safeguarded [Proverbs 11/9] 1. Statement of purpose The purpose
More informationTwilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018)
Twilio Data Protection Addendum ( DPA ) (GDPR, Binding Corporate Rules, Privacy Shield, and Standard Contractual Clauses) (Revision June 2018) Once fully executed, this DPA forms a part of the agreement
More informationData Protection Policy. Newbury Academy Trust
Newbury Academy Trust 1. Introduction 1.1. Academy, Academy Trust all refer to Newbury Academy Trust, Love Lane, Newbury, Berkshire, RG14 2DU. School refers to one of the three schools within the Newbury
More informationEQUAL ACCESS FUNDING PTY LTD PRIVACY POLICY
1. INTRODUCTION EQUAL ACCESS FUNDING PTY LTD PRIVACY POLICY This Policy applies to Equal Access Funding Pty Ltd ABN 23 156 554 255 (referred to as EAF, we, our, us ) and covers all of its operations and
More informationPRIVACY AND CREDIT REPORTING POLICY
PRIVACY AND CREDIT REPORTING POLICY October 2018 CONTENTS What is personal information?... 3 Information we may collect, use and disclose about you... 4 Collection of sensitive information... 6 How personal
More informationMember Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members
Member Circular March 2018 Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members Introduction Regulation (EU) 2016/679 containing the General Data Protection
More informationNorth Yorkshire Pension Fund
North Yorkshire Pension Fund Memorandum of Understanding regarding Compliance with Data Protection Law If you require this information in an alternative language or another format such as large type, audio
More informationPrivacy Policy and Personal Data
ERGO Insurance SE Lithuanian Branch Privacy Policy and Personal Data ERGO Insurance SE Lithuanian Branch and ERGO Life Insurance SE (hereinafter referred to as ERGO or we ) understand that personal data
More informationAmgen Binding Corporate Rules (BCRs) Public Document
Amgen Binding Corporate Rules (BCRs) Public Document Introduction: Amgen is a biotechnology leader committed to serving patients with grievous illness. Binding Corporate Rules (BCRs) express Amgen s commitment
More informationGROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).
GROUP PRIVACY POLICY Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ). 1 PURPOSE AND SCOPE 1.1 The aim of this policy is to establish uniform,
More informationPrivacy Policy. Amendment History. Trustee Name
Trustee Name Policy Name Number of Pages (ABN: 74 065 680 195, RSE: L0003155), trustee of the Manildra Flour Mills Retirement Fund (ABN: 32 448 411 930, RSE R1067415) 6 (plus this covering page and a contents
More informationWhat types of personal information is collected and why? Our privacy commitment to you. Personal information. What is personal information?
Our privacy commitment to you CSF Pty Limited (ABN 30 006 169 286, AFSL 246664) (the Trustee), the trustee of the MyLifeMyMoney Superannuation Fund (ABN 50 237 896 957) (the Fund) is committed to respecting
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationPROTECTION OF PERSONAL INFORMATION POLICY (PoPI)
PROTECTION OF PERSONAL INFORMATION POLICY (PoPI) 1. Purpose The purpose of the PoPI Act (Protection of Personal Information Act) is to ensure that all South African institutions conduct themselves in a
More information2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?
P R I V A C Y N O T I C E Last updated May 2018 Eurobank Cyprus Ltd ( the Bank ) wishes to inform you why and how the Bank collects and processes your personal data as well as of your rights under local
More informationReform in the Malaysian Corporate Landscape Key Highlights under the New Companies Act
Reform in the Malaysian Corporate Landscape Key Highlights under the New Companies Act Brochure / report title goes here Section title goes here 2 Contents Introduction 4 Key Highlights Creating a Conducive
More informationPRIVACY NOTICE LAST UPDATED: SEPT. 2018
PRIVACY NOTICE LAST UPDATED: SEPT. 2018 HOW THE BANK USES YOUR PERSONAL DATA This privacy notice provides an overview of how Hellenic Bank Public Company Ltd (the Bank ) processes your personal data. Personal
More informationData held by BASC clubs and syndicates - a brief guide
Data held by BASC clubs and syndicates - a brief guide Introduction All clubs and friendly societies should not collect more information than necessary or legally entitled to under the Data Protection
More informationGROUP POLICY - PRIVACY
Perpetual Limited GROUP POLICY - PRIVACY 13 February 2018 Perpetual Limited ABN 86 000 431 827 PURPOSE Perpetual is committed to protecting your privacy and safeguarding your personal information. This
More informationPrivacy. Policy. Purpose. Coverage. Policy. Code and version control:
Privacy Policy Code and version control: COR013/24-01-2017 Policy owner : Director Corporate and Student Services Date approved by CEO: 24 January 2017 Scheduled review date: 24 January 2020 Related policies
More informationFitzwilliam College Data Protection Policy
Fitzwilliam College Data Protection Policy INTRODUCTION The information within this policy and supporting guidelines are important and apply to all members and staff of the College who shall in this policy
More informationCHAPTER INTERNATIONAL MUTUAL FUNDS ACT
SAINT LUCIA CHAPTER 12.16 INTERNATIONAL MUTUAL FUNDS ACT Revised Edition Showing the law as at 31 December 2008 This is a revised edition of the law, prepared by the Law Revision Commissioner under the
More informationBroadbean Technology Limited - Data Processing Agreement (25th May 2018)
Broadbean Technology Limited - Data Processing Agreement (25th May 2018) This agreement and its associated schedules shall come into force with effect from 25 th May 2018 and shall from that date replace
More informationAMIST Super. Privacy Policy
AMIST Super Privacy Policy Our privacy commitment to you AMIST Super is committed to respecting your right to privacy and protecting your personal information. We are bound by the provisions of the Privacy
More informationTransfer Pricing breakfast briefing Committed to your success See Jee Chang, Tax Partner, Transfer Pricing Leader, Deloitte Singapore
Transfer Pricing breakfast briefing Committed to your success See Jee Chang, Tax Partner, Transfer Pricing Leader, Deloitte Singapore Introduction of new transfer pricing legislations and rules Income
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum ( DPA ) forms part of the Agreement(s) and is entered by and between the Customer and the Service Provider on the Effective Date. For the avoidance
More informationRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR Richard Campo, CISM GRC Consultant IT Governance Ltd 1 Sept 2016 www.itgovernance.co.uk TM Introduction Richard Campo GRC consultant Data protection
More informationPrivacy Policy. HDI Global SE - UK
Privacy Policy HDI Global SE - UK Privacy Policy Your privacy is very important to us. We promise to respect and protect your personal information and try to make sure that your details are accurate and
More informationTIFFANY AND COMPANY: EU-U.S. PRIVACY SHIELD PRIVACY POLICY - CONSUMER DATA
Last Updated: September 20, 2016 Tiffany and Company ( Tiffany ) respects your concerns about privacy. Tiffany participates in the EU-U.S. Privacy Shield ( Privacy Shield ) framework issued by the U.S.
More informationLUXOFT GROUP DATA PROTECTION POLICY Approved DOCUMENT NUMBER PAGE 1 LUXOFT GROUP DATA PROTECTION POLICY
1 LUXOFT GROUP DATA PROTECTION POLICY 2 CONTENTS Part One: General Page 3 Data Protection Policy: Requirements for all Luxoft Group Staff Part Two: Department or country specific guidance Page 8 3 PART
More informationLoan Information and Application Guide
INTERNATIONAL OS-HELP ASSISTANCE APPLICATION STUDENT CENTRAL LOCKED BAG 1797, PENRITH NSW 2751 Loan Information and Application Guide The Australian Government provides loans to assist eligible students
More informationAIA Singapore Launches FIRST-IN-MARKET Mobile Application for Employees to View Their Employee Benefits and Submit Insurance Claims on the Go
AIA Singapore 1 Robinson Road, AIA Tower Singapore 048542 T : 1800 248 8000 AIA.COM.SG Real change to health begins at AIAVitality.com.sg Media Release FOR IMMEDIATE RELEASE AIA Singapore s innovation
More informationFLASH TRADER APP STANDARD TERMS AND CONDITIONS
FLASH TRADER APP STANDARD TERMS AND CONDITIONS 1. Introduction 1.1These terms and conditions govern your relationship with us. By downloading and using our App you agree to and accept our terms and conditions.
More informationGROWTH & INCOME INDEX 2014 UNIT TRUST FUND INVESTOR BEHAVIOUR STUDY MALAYSIA
GROWTH & INCOME INDEX 204 UNIT TRUST FUND INVESTOR BEHAVIOUR STUDY MALAYSIA June 204 CONTENT Foreword By Eastspring Investments Executive Summary The Growth & Income Index Investors Current and Projected
More informationHESLOP & PLATT SOLICITORS LIMITED - PRIVACY POLICY
HESLOP & PLATT SOLICITORS LIMITED - PRIVACY POLICY In this Privacy Policy the terms, 'we' or 'us' is Heslop & Platt Solicitors Limited. Your privacy is important to us and we are committed to keeping your
More informationCiti Canada. Privacy of Personal Information Statement
Privacy of Personal Information Statement TABLE OF CONTENTS Page INTRODUCTION... 3 OUR PRIVACY NOTICE... 3 GENERAL... 3 CHANGES TO THIS PRIVACY STATEMENT... 3 CATEGORIES OF PERSONAL INFORMATION WE COLLECT
More informationOur privacy commitment to you. What types of personal information is collected and why? About us. Personal information. What is personal information?
Our privacy commitment to you CSF Pty Limited (ABN 30 006 169 286, AFSL 246664) (the Trustee), the trustee of the MyLifeMyMoney Superannuation Fund (ABN 50 237 896 957) (the Fund) is committed to respecting
More informationDATA PROTECTION ADDENDUM
DATA PROTECTION ADDENDUM In the event an agreement ( Underlying Agreement ) entered into by and between (i) either Sunovion Pharmaceuticals Inc. or its subsidiary, Sunovion Pharmaceuticals Europe Ltd.
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationWithholding tax Deloitte Tax Services Sdn Bhd
Malaysian Dutch Business Council (MDBC) Burning International Tax Issues 3 April 2017 Withholding tax WHT - Introduction Imposed on non-residents deriving income from Malaysia. The payer is responsible
More information1. What Data do we collect and where do we get it from?
HOW WE PROTECT YOUR PERSONAL INFORMATION PLEASE READ THIS CAREFULLY 1. What Data do we collect and where do we get it from? For the purposes set out in this notice, the Information Commissioner (ICO) requires
More informationNewsletter NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN: Similarities and Differences. Atsumi & Sakai
Newsletter Atsumi & Sakai NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN: Similarities and Differences ATSUMI & SAKAI TOKYO LONDON FRANKFURT www.aplaw.jp/en NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN:
More informationData Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team
Data Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team The University of Nottingham ( the University ) Tri-Campus Data Transfer Policy Background and Statement of
More informationPrivacy Policy Statement
Privacy Policy Statement QuoteDevil is committed to protecting and respecting your privacy. It is the intention of this privacy policy statement to explain to you the information practices of QuoteDevil
More informationRecent Developments in E-hailing Services
Recent Developments in E-hailing Services Land Public Transport (Amendment) Bill 2017 and the Commercial Vehicles Licensing Board (Amendment) Bill 2017 On 27 July 2017, the Land Public Transport (Amendment)
More informationThe employer s mandate & GST compliance workshop Are you ready to take charge?
The employer s mandate & GST compliance workshop Are you ready to take charge? Tuesday, 8 September 2015 8.00am - 5.15pm Promenade Hotel No. 4, Lorong Api-Api 3 Api-Api Centre 88000 Kota Kinabalu Brought
More informationLinemac Toyota s APP Privacy Policy
Linemac Toyota s APP Privacy Policy Introduction 1. This APP Privacy Policy of Linemac Motors Pty Ltd ACN 079 361 274 trading as Linemac Toyota ( Linemac Toyota ) is Linemac Toyota s official privacy policy
More informationPrivacy Statement for Intermediaries
Privacy Statement for Intermediaries This Privacy Statement applies to intermediaries who submit business under the following terms: (1) Terms of Business Non-FCA Regulated Firms, and (2) Terms of Business
More informationAboriginal Housing Victoria (AHV) Privacy Policy
Aboriginal Housing Victoria (AHV) Privacy Policy DOCUMENT CONTROL Policy Policy Number Privacy Policy M002 Date of Issue 4 December 2018 Last Reviewed 12 July 2018 Version 2.0 Responsible Department Human
More information1.1. This policy lays out how Glebe Primary School will comply with its responsibilities under the Data Protection Act 1998.
We can and we will GLEBE PRIMARY SCHOOL Data Protection Policy Mission Statement: At Glebe School we believe in an ethos that values the whole child. We strive to enable all children to achieve their full
More informationING Privacy Policy. Issued June 2017
ING Privacy Policy Issued June 2017 1. Privacy Policy This Privacy Policy applies to ING Bank (Australia) Limited (ABN 24 000 893 292) and ING Bank N.V. Sydney Branch. The terms "we", "us" or "our" used
More informationPRIVACY POLICY OF BPO INSOLVENCY LIMITED (COMPANY REGISTRATION NO ) REGISTERED OFFICE 37 WALTER ROAD SWANSEA SA1 5NW
PRIVACY POLICY OF BPO INSOLVENCY LIMITED (COMPANY REGISTRATION NO. 09830297) REGISTERED OFFICE 37 WALTER ROAD SWANSEA SA1 5NW 1. This Policy We take privacy seriously and we are committed to protecting
More informationTerms of Conditions and Use
Boardingware Terms of Conditions and Use EFFECTIVE: 17th May, 2018 1. The Website, App and Service 1.1 These terms and conditions (Terms) apply to the provision and use of Boardingware International Limited
More informationMEMBERS TERMS & CONDITIONS
MEMBERS TERMS & CONDITIONS The PETRONAS Mesra Loyalty Programme is owned, operated and managed by PETRONAS Dagangan Berhad. By applying for and/or using the card, you agree to be bound by the following
More informationPrivacy Policy. This privacy policy shall be valid even if you have reserved your transfers through the other sales partners of Plus Group Kft.
Privacy Policy Plus Group Kft. (1033 Budapest, Polgár utca 8-10., www.plusairsolutions.com, informationsecurity@plusairsolutions.com, tax number: 22976309-2-41, hereinafter: Plus Group Kft., service provider
More informationOFFSHORE BANKING ACT 1990 (Act 443) ARRANGEMENT OF SECTIONS. Part I. Preliminary. Part II. Licensing Of Offshore Banks. Part III
OFFSHORE BANKING ACT 1990 (Act 443) ARRANGEMENT OF SECTIONS Part I Section Preliminary 1. Short title and commencement 2. Interpretation 3. Functions, powers and duties of the Bank Part II Licensing Of
More informationThe following guidelines have been developed to assist all staff with the adherence to the Privacy & Data Protection Act (Vic) 2014 (the PDP Act ).
Privacy Policy Code and version control: COR013/02-07-2015 Policy owner : Director Corporate Date approved by CEO: 2 July 2015 Scheduled review date: 2 July 2018 Related policies and documents: Privacy
More informationEMPLOYEE NOTICE OF DATA PRIVACY POLICIES AND PROCEDURES
EMPLOYEE NOTICE OF DATA PRIVACY POLICIES TABLE OF CONTENTS A. Ecolab s Commitment to Data Privacy... 2 B. Definitions... 2 C. Scope... 3 D. Application of Local Law... 3 E. Employee Data Collected... 3
More information