The Data Bill seeks to protect private data by governing standards around data
management and transfer. Provisions relate to:
a. Two types of private data; sensitive and normal private data.
Sensitive private data refers to religion/beliefs, health, physical and mental
status, sex life, financial position. Normal private data refers to data identification
information. Sensitive data has much
narrower permitted uses (e.g. employment, protection, medical, law enforcement,
or it is public domain) and requires consent.
b. Management of private data by organizations including corporations that
engage in the gathering and storage of private data. There are specific consent
requirements. Data users are subject to various disclosure requirements (presumably
local language notifications), relating to the organization, the purposes of
the data collection, types of data, and time periods. There are obligations on
data users to disclose to data owners, to take security steps to protect it, and
restrictions on data transfer (consent is required unless there are contracts
or international agreements).
c. Usage of video-surveillance devices;
d. The role of the Information Commission in protecting private data;
and
e. Transfers of private data.
The Data Bill appears to set out a modern data regime and the House
will debate and is expected to enact it soon.
No comments:
Post a Comment