Implica)ons of the PDPA 2010 on a Malaysian Telecom Operator
|
|
- Kerry Dennis
- 8 years ago
- Views:
Transcription
1 Implica)ons of the PDPA 2010 on a Malaysian Telecom Operator
2 Contents Introduction Celcom Preparation for PDPA 2010 Implications and Future Challenges - Consent and Strategic Options for Giving Consent - Notice - Disclosure - Security - Retention - Data Integrity - Access - Fines and Jail Term Conclusion
3 Introduction q Telecommunications Service Providers are always innovating to develop product offerings to serve customers better. q Managing privacy is important in the long run as Service Providers can become trusted service providers by integrating the requirements of the PDPA with minimal impact to the business. q Customers who trust that Service Providers do not misuse their personal data will be more willing to to the use of their data. q The telecommunications sector is already highly regulated so most Service Providers have systems in place for customers especially prepaid customers to access and correct data themselves. There are provisions to manage customer data currently in the Banking and Financial Institutions Act 1989, Communications and Multimedia Act , Computer Crimes Act 1997, Money Services Business Act 2011, General Consumer Code of Practice. COMPANY CONFIDENTIAL 3
4 Introduction q Many Telecommunications Service Providers also have systems to control delivery of premium content required by regulation. These systems make it a requirement to opt in to receive premium content. q PDPA will take regulation one step earlier in the customer life cycle, the point of registration for a new user or a new service not initially bundled with the mobile service i.e. the point of obtaining to process personal data. There will have to be added processes to address existing users allowing them to opt out q Moving forward this presentation will consider at least one concern per data protection principle to highlight the concerns and clarity we will need to implement PDPA COMPANY CONFIDENTIAL 4
5 Celcom Preparation for PDPA 2010 q Company undertook PD Impact Assessment (PIA) to assess the level of compliance between company s own data protection system with PDPA to identify potential gaps and weaknesses in the date protection system to design an implementation program for data protection system review q Celcom s PIA process is shown here Module 1 Awareness Training - en)re organiza)on Module 2 (PIA) map out data flow in organiza)on Assess internal PD policies procedures Iden)fy gaps Module 3 - PIA workshop - implementa)on plan Module 4 - Actual implementa)on compliance training Module 5 On going audit to ensure compliance to new PD policies and procedures. COMPANY CONFIDENTIAL 5
6 Implications and Future Challenges - Consent What mode of seeking will be acceptable to the Data Protection Regulator as is also not defined in the Act q The preferred mode which is seen from recent examples contain the continued use or our service means you have ed to the use of your personal data being used for the purposes. q The PDPA 2010 allows the data user to process data if processing is necessary for the performance of a contract to which the data subject is a party? q The key question is what processing is necessary for the performance of the contract is it basic telephony or the full suite of innovative smart application services. COMPANY CONFIDENTIAL 6
7 Strategic Options for Gaining Consent 1. Tradi)onal Telco Approach 2. Aggressive Telco Approach 3. New Internet- based Approach Develop model no)ce of to process data. Give customers choice to opt- out of use of data for marke)ng / 3 rd party services. Encourage / incen)vize customers to opt- in at point of SIM / handset sale etc.. Market / adver)se to sub- set of customers who choose to who don t opt out. Introduce adver)sing on relevant Telco services Encourage customers to opt- in to receive relevant services by consen)ng to allow their data to be used. Model no)ce explains how supports more relevant / targeted services. Develop a framework for adver)sing partners which retains permission within Axiata, so permissions do not have to be extended to third par)es. More customers exposed to adver)sing => commercial benefit but also intrusion risk. Targeted services is an integral component of a new service. Consent to the use of customer data to support targeted marke)ng is effec)vely bundled as a condi)on of service use. This must be obvious to customers allowing them to make an overall, informed decision as to whether or not to use a service. Model no)ce of reflects this posi)on Framework for partners which retains permissions within Celcom Axiata. So as Google / Facebook / or a new ad- supported MVNO model. Telcos should prefer 2 to 1 for core services. 3 should be preferred for new services /applica)ons, but cannot simply be imposed on exis)ng mobile customers.
8 Implications and Future Challenges - Notice q The PDPA provides for the provision of written notice to inform the data subject that personal data is being processed and the purposes of use q Would notice in newspapers and websites be deemed acceptable written notice? q Would an SMS notice or e mail linking to a Web based Privacy Policy be acceptable? q For telecommunications service providers the best way to ensure customers have notice is by way of SMS and not by mail as the prepaid subscribers may not have updated address data
9 Implications and Future Challenges - Option to Limit processing of Data q The PDPA 2010 gives data subjects the right to limit the processing of personal data q This could be seen as an opt out and require the creation of a list of data subjects who do not want to be contacted q The are significant commercial implications for business as the customer may elected to limit processing of advertising or information about new products which reduce the value add of the service benefits to the customer q Yet data subjects give information freely to OTT applications providers like Whats App and Viber, including access to their address books which include personal data of contact in address books. Have you given informed?
10 Implications and Future Challenges - Withdrawal of to process personal data q This means that the Service Provider can no longer use the information and will not longer be able to supply the service q Examples of situations where this can occur Termination of Service Porting number to another operator q Effectively the Service Provider will not be able to engage in customer retention strategies after the customer has withdrawn his. What if there is a competitive come back offer?
11 Implications and Future Challenges - Disclosure q Purpose of use of personal data is will be disclosed in a Privacy Policy which will then be updated from time to time. q There could be concerns that this policy may be framed too widely. q If there are regulations issued for example, limiting the extent of purpose clauses disclosure for purpose may be required each time something not covered in the under the original needs to be launched. Customers to may be uncomfortable to continuously give or give it automatically to get the content they want
12 Implications and Future Challenges - Security q In general Service Providers are already taking reasonably practical steps to protect personal data from loss misuse, unauthorized access, accidental access etc, q Service Providers already have systems in place to protect access to customer data. How much more will the various regulators prescribe? Will the regulations apply in the same way to across other industries? q There will always be issues where data is released due to the misconduct of an employee. We at Celcom Axiata recognise a need for an internal awareness of data protection rules and security polices across the company
13 Implications and Future Challenges - Retention q There is a need to clarify the position as there are various laws covering the length of Service Providers are required to store data. In practice many Service Providers keep relevant data for 7 years because of these laws q Service Providers as an industry need to seek clarification on length of time data can be retained as well as the implication of written instructions to cease processing data q If we purge records at the request of customers or within a shorter time frame we may not be able to process information requests by the police, sector regulators or other authorities.
14 Implications and Future Challenges Data Integrity q Almost 80% of telecommunications data subjects on our network are prepaid customers. q Data Integrity has always been an issue. Service Providers have stringent prepaid registration regulations imposed by the telecommunications regulator. q Service Providers have online access and correction systems developed to allow prepaid users to access and correct their own information. q Collection of accurate data always be an uphill task most service providers dependant on dealers throughout the nation who are unregulated and in a position of strength as they control distribution networks. Some unscrupulous dealers do manipulate the systems for personal gain
15 Implications and Future Challenges- Access q The PDPA Act prescribes that access and the ability to correct be given to the Data Subject q As mentioned Service Providers have online access systems in place for prepaid users to access and correct their data. This will have to be extended to post paid users q Some care has to me taken to ensure data subject own access and correction of data cannot change data like identity card information without verification to limit misuse. q Inaccurate information uploaded onto our database by data subjects using an online method of personal correction may be an issue with the authorities in the event of an investigation
16 Implications and Future Challenges- Fines and Jail Term q A final an overriding concern is that it is extremely easy for an allegation of breach to be made. q Many people give personal data freely in contest forms in supermarkets online etc but will assume it s the Service Provider that released their information because the a call comes in from their hand held device q With fines ranging from RM $ 100k to RM $500 k and jail terms of 1 to 3 years a lot of man hours and cost may have to be spent addressing complaints and proving that the information did not come from a Service Provider q Another key implication is the Joint and Several liability with Body Corporate of CEO, COO, Manager etc. and this iswide enough to catch all Managerial Staff
17 Conclusion q The above is not an exhaustive list of implications q It shows the need to seek interpretations to support business continuity and balance this equally with personal data protection requirement q Service Providers will in parallel have to build trust of the customer/ data subject that the personal data will be protected and used for the benefit and utility of the customer/data user. q Building this trust will reduce potential complaints about noncompliance to the data protection principles and allow the industry to continue to develop a roust applications environment
18 THANK YOU
DATA PROTECTION POLICY
DATA PROTECTION POLICY The Hollandse School Limited (hereinafter HSL ) is an educational institution with a history of over 93 years, and is one of the largest Dutch language schools abroad where the International
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationDATA PROTECTION LAWS OF THE WORLD. India
DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,
More informationTerms and Conditions For Mobile Phone Service. Pre-Paid Type. Between The Service Provider And Subscribers
Terms and Conditions For Mobile Phone Service Pre-Paid Type Between The Service Provider And Subscribers 1. General 1.1 This Terms and Conditions for Mobile Phone Service ( Terms and Conditions ) is binding
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationPersonal Data Protection Regime Singapore 21 January 2014
Personal Data Protection Regime Singapore 21 January 2014 2014 PDPC Singapore 1 Overview 2 In Brief Singapore s Personal Data Protection Act 2012 (PDPA) was enacted in Nov 2012 and parts relating to the
More information1st June 2005. Internet Access Service Provider (IASP) Sub-Code for the Communications and Multimedia Industry Malaysia
1st June 2005 for the Communications and Multimedia Industry Malaysia TABLE OF CONTENTS PART 1 - INTRODUCTION...2 PART 2- GENERAL RULES OF THE CODE FOR INTERNET ACCESS SERVICE PROVIDERS...6 PART 3- REVIEW
More informationMaybank Mobile Transfer. A revolutionary in the way people send and receive money
Maybank Mobile Transfer A revolutionary in the way people send and receive money Pay to anyone from your Mobile Contacts. You can now transfer money to anyone with a registered Malaysian mobile number
More informationTo this end ERCI fully endorses and adheres to the Principles of Personal Data Protection Act (2012). 1. The Purpose:
Data Protection Policy: Policy Statement: ERC Institute (ERCI) collects and uses information about people with whom it communicates. As stipulated by the Personal Data Protection Act (2012) (hereinafter
More informationStandard of Electronic Fundraising Practice
Standard of Electronic Fundraising Practice The Standard of Electronic Fundraising Practice provides practical guidelines for FINZ members for best practice for conducting electronic fundraising activities,
More informationStandard Operating Procedure. Authority to access and monitor University IT Account holder communications and data
Standard Operating Procedure Title: Authority to access and monitor University IT Account holder communications and data Version: 2.0 Effective Date March 2016 Summary Describes the approval process and
More informationCatalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.
PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that
More information9.4 Example: Photo-taking by an individual acting in a personal or domestic capacity
9 Photography 9.1 Photography is an increasingly ubiquitous activity. Not all photographs capture personal data, but some clearly do. While the Commission does not expect that the PDPA will greatly affect
More informationSPECIFIC TERMS AND CONDITIONS FOR SINGTEL MOBILE S MOBILE BROADBAND SERVICE
SPECIFIC TERMS AND CONDITIONS FOR SINGTEL MOBILE S MOBILE BROADBAND SERVICE 1. Incorporation by reference In addition to the General Terms, the Specific Terms and Conditions and the Acceptable Use Policy
More informationAbilities Centre collects personal information for the following purposes:
Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy
More informationGeneral Condition 23 on Sales and Marketing of Mobile Telephony Services
Schedule General Condition 23 on Sales and Marketing of Mobile Telephony Services 23. SALES AND MARKETING OF MOBILE TELEPHONY SERVICES Scope 23.1 A Mobile Service Provider must comply with this General
More informationPRIVACY POLICY. Privacy Statement
PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people
More informationWHEN BUSINESS GETS PERSONAL A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS PERSONAL DATA PROTECTION COMMISSION
WHEN BUSINESS GETS PERSONAL A QUICK GUIDE TO THE PERSONAL DATA PROTECTION ACT 2012 FOR ORGANISATIONS PERSONAL DATA PROTECTION COMMISSION S I N G A P O R E www.pdpc.gov.sg Introduction Organisations today
More informationios Developer Program Information
apple ios Developer Program Information Introduction The ios Developer Program provides a complete and integrated process for developing and distributing ipad, iphone and ipod touch applications. With
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationInternet, Social Networking and Telephone Policy
Internet, Social Networking and Telephone Policy Contents 1. Policy Statement... 1 2. Scope... 2 3. Internet / email... 2 4. Social Media / Social Networking... 4 5. Accessing the internet, email or social
More informationADVISORY GUIDELINES FOR THE HEALTHCARE SECTOR 11 SEPTEMBER 2014
ADVISORY GUIDELINES FOR THE HEALTHCARE SECTOR 11 SEPTEMBER 2014 1 PART I... 4 1 Introduction... 4 PART II: APPLICATION OF THE DATA PROTECTION PROVISIONS TO SCENARIOS FACED IN THE HEALTHCARE SECTOR... 5
More informationCultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy
Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY
More informationTerms and Conditions for Online Services of BOC Credit Card (International) Limited
Terms and Conditions for Online Services of BOC Credit Card (International) Limited Online Services of BOC Credit Card (International) Limited ("BOCCC") are provided to you by Bank of China (Hong Kong)
More informationBOC Credit Card (International) Limited - Terms and Conditions for Online Services
BOC Credit Card (International) Limited - Terms and Conditions for Online Services These terms and conditions are applicable to all users of the Online Services and govern the use of the Online Services,
More information"Direct marketing" is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals.
Direct Marketing Most direct marketing activities must comply with the requirements of the Data Protection Act 2002 (DPA) and, where that direct marketing is communicated by electronic mail, telephone
More informationSenate Bill No. 48 Committee on Health and Human Services
Senate Bill No. 48 Committee on Health and Human Services CHAPTER... AN ACT relating to public health; repealing provisions that provide for a statewide health information exchange system; authorizing
More informationFTC Data Security Standard
FTC Data Security Standard The FTC takes the posi6on (Being tested now in li6ga6on) that Sec6on 5 of the FTC Act requires Reasonable Security under the circumstances: that companies have reasonable controls
More informationPROTECTION OF PERSONAL INFORMATION
PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,
More informationRETAIN FOR YOUR RECORDS
ESIGN Disclosure and Agreement RETAIN FOR YOUR RECORDS This CP Federal Credit Union estatement E SIGN Disclosure and Agreement ( Agreement ) is made between you and CP Federal Credit Union ( Credit Union
More informationPersonal Data & Privacy Policy Statement
Personal Data & Privacy Policy Statement Your Privacy Hong Kong Broadband Network Limited ("we" or the "Company") respect the privacy rights of visitors to all our company websites (the Websites ) and
More informationINFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE
More informationUNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY
UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationINFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION
INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationMEMBI PRIVACY POLICY
MEMBI 1 PURPOSE OF OUR POLICY 1.1 Membi Limited (Company Number 09775238) of 396a Kingston Road, Kingston Road, London SW20 8LL, United Kingdom (Membi, we, us or our) provides the services offered on the
More informationINFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES
INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY
More informationLEGAL ALERT. August 9, 2011. Outsourcing: India Adopts New Privacy and Security Rules for Personal Information
LEGAL ALERT August 9, 2011 Outsourcing: India Adopts New Privacy and Security Rules for Personal Information Effective with their publication on April 11, 2011, 1 the Central Government of India (GOI)
More informationSTATUTORY INSTRUMENTS 2012 No. _
STATUTORY INSTRUMENTS 2012 No. _ THE ELECTRONIC SIGNATURES REGULATIONS 2012 ARRANGEMENT OF REGULATIONS Regulation PART I-PRELIMINARY 1. Title. 2. Interpretation PART II - LICENSING AND RECOGNITION OF CERTIFICATION
More informationYOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED
YOUR PRIVACY IS IMPORTANT TO SANDERSONS ARCHIVING SOLUTIONS LIMITED SANDERSONS ARCHIVING SOLUTIONS LIMITED WEB SITE PRIVACY POLICY Policy last updated: 22 nd December 2014 This Policy is adopted by Sandersons
More informationSTATUTORY INSTRUMENTS. S.I. No. 336 of 2011
STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.
More informationASIAN PACIFIC TELECOMMUNICATIONS PTY LTD STANDARD FORM OF AGREEMENT. Schedule 1 Managed Voice Services
ASIAN PACIFIC TELECOMMUNICATIONS PTY LTD STANDARD FORM OF AGREEMENT Schedule 1 Managed Voice Services December 2013 Table of Contents 1. SERVICE SCHEDULE 1 VOICE SERVICES... 3 1.1 OVERVIEW... 3 1.2 STANDARD
More informationAppendix 1. This appendix is a proposed new module of the DFSA Rulebook. Therefore, the text is not underlined as it is all new text.
Appendix 1 This appendix is a proposed new module of the DFSA Rulebook. Therefore, the text is not underlined as it is all new text. The DFSA Rulebook Auditor Module (AUD) PART 1 INTRODUCTION 1 APPLICATION
More informationVOICE SERVICE SCHEDULE AGREEMENT
OPERATIVE PROVISIONS 1. THE SERVICE 1.1 This Service Schedule is for the supply of fixed line telephony services 1.2 This Service Schedule will apply to the first and any subsequent Service Orders executed
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationCookies Compliance Advisory
Cookies Compliance Advisory Note: this is an advisory notice that summarises the current position of the Article 29 Working Group and makes suggestions as to how organisations might practically achieve
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationPublic Advisory Statement. The Personally-Controlled Electronic Health Record. Frequently Asked Questions by Consumers
http://www.privacy.org.au Secretary@privacy.org.au http://www.privacy.org.au/about/contacts.html Background Public Advisory Statement The Personally-Controlled Electronic Health Record Frequently Asked
More informationConducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008)
Conducting Surveys: A Guide to Privacy Protection Revised January 2007 (updated to reflect A.R. 186/2008) ISBN 978-0-7785-6101-9 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street
More informationTERMS OF SERVICE TELEPORT REQUEST RECEIVERS
TERMS OF SERVICE These terms of service and the documents referred to in them ( Terms ) govern your access to and use of our services, including our website teleportapp.co ( our site ), applications, buttons,
More informationPrivacy Charter. Protecting Your Privacy
Privacy Charter Protecting Your Privacy 1 1. Introduction 3 2. Collection of personal information 3 What sort of personal information do we collect and hold? 3 Anonymity and Pseudonymity 3 Why do we collect
More informationCode of Conduct For Subscribers
Code of Conduct For Subscribers WHEREAS: A. The Bureau is in the business, amongst others, of producing credit reports B. Subject always to Credit Reporting Agencies Act 2010 and any other applicable legislation,
More informationClause 1. Definitions and Interpretation
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationSubmission in relation to the Draft Guidelines on Australian Privacy Principles 1 to 5
Submission in relation to the Draft Guidelines on Australian Privacy Principles 1 to 5 by the Consumer Credit Legal Centre (NSW) Inc. and Consumer Action Law Centre About Consumer Credit Legal Centre Consumer
More informationE-commerce and Legal Compliance
E-commerce and Legal Compliance Moving all or part of your business online can be an exciting time, opening up a range of opportunities and new markets for you and your business. Hand in hand with these
More informationINVESTMENT MANAGEMENT RISK ASSESSMENT: MARKETING AND SELLING PRACTICES
INVESTMENT MANAGEMENT RISK ASSESSMENT: MARKETING AND SELLING PRACTICES A REPORT OF THE TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS SEPTEMBER 2003 INVESTMENT MANAGEMENT
More informationData Protection Consent Clause and Policy Background
Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,
More informationRESERVE BANK OF MALAWI GUIDELINES FOR MOBILE PAYMENT SYSTEMS
RESERVE BANK OF MALAWI GUIDELINES FOR MOBILE PAYMENT SYSTEMS March 2011 2 Table of Contents ACRONYMS... 4 DEFINITIONS... 5 1.0 Introduction... 6 2.0 Mandate... 6 3.0 Objective... 6 4.0 Scope... 6 5.0 Application
More informationDARTFISH PRIVACY POLICY
OUR COMMITMENT TO PRIVACY DARTFISH PRIVACY POLICY Our Privacy Policy was developed as an extension of our commitment to combine the highestquality products and services with the highest level of integrity
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationPRODUCT DISCLOSURE SHEET
PRODUCT DISCLOSURE SHEET KINDLY READ THIS PRODUCT DISCLOSURE SHEET BEFORE YOU DECIDE TO TAKE UP ANY TUNE MONEY SDN BHD ( TUNE MONEY ) PREPAID CARD. PLEASE MAKE SURE YOU ALSO READ THE TERMS AND CONDITIONS
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationOn-Site Compliance Review Administrative Records Checklist OSDE-SES. Completed By:
SCHOOL DISTRICT/AGENCY: SCHOOL YEAR: Date: Completed By: 1. Child Identification, Location, and Evaluation A. Public Awareness activities: 1) Is documentation of two public awareness activities from ongoing/periodic
More informationYour use of this site is subject to the following privacy policy statement and the web site terms of service.
TERMS AND CONDITIONS OF USE Your use of this site is subject to the following privacy policy statement and the web site terms of service. Notice This Web site is operated by 3D Entertainment Distribution
More informationTPS Corporate Services Personal Data Protection Policy
TPS Corporate Services Personal Data Protection Policy In this policy, we, us, our means and all its related companies (collectively known as TPS ), you, your or yours means the persons to whom this policy
More informationHIPAA Privacy and Information Security Management Briefing
HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)
More informationHow To Comply With The Telecommunications Consumer Protection Code
Applied VoIP Pty Ltd Telecommunications Consumer Version 1.0 October 1, 2012 Telecommunications Consumer Part 1 General Terms and Objectives Objectives of this Policy This plan sets out the general principles
More informationVisa Debit & Prepaid Card Access Terms and Conditions As at 1 August 2015
As at 1 August 2015 VISA Card Conditions of Use These Conditions of Use take effect immediately except as otherwise advised in writing and replace all VISA Debit Card Conditions of Use previously issued.
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationDATA PROTECTION IN DIRECT MARKETING
Document 1.1.2-1 DATA PROTECTION IN DIRECT MARKETING analysis of the legislation in direct marketing Component 1 Activity 1.1.2 Final version The content of this report is the sole responsibility of Human
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationINITIAL APPROVAL DATE INITIAL EFFECTIVE DATE
TITLE AND INFORMATION TECHNOLOGY RESOURCES DOCUMENT # 1107 APPROVAL LEVEL Alberta Health Services Executive Committee SPONSOR Legal & Privacy / Information Technology CATEGORY Information and Technology
More informationPRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2
PRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2 CONTENTS PART A - Pages 3-4 INTRODUCTION 1. ACCEPTANCE OF CODES 2. CODE COMPLIANCE 2.1 CODE COMPLIANCE COMMITTEE 3. REVIEW AND
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationThis policy applies to all individuals that provide Leading Age Services Australia Victoria (LASA Victoria) with their personal information.
The purpose of this policy This policy applies to all individuals that provide Leading Age Services Australia Victoria (LASA Victoria) with their personal information. What personal information do we collect?
More informationPRIVACY NOTICE. Last Updated: March 24, 2015
PRIVACY NOTICE Your access to and use of this website is governed by the TERMS OF WEBSITE USE and the following PRIVACY NOTICE. Please read them carefully as they constitute a legally binding agreement
More informationRecommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.
Report to: Cabinet Date: 14 th October 2004. Report: of Head of Corporate Personnel Services Report Title: USE of INTERNET POLICY Summary of Report. The use of the Internet is growing rapidly. Over the
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationAVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
More informationA Submission to the. Fiji Commerce Commission on. Guidelines for Texting Competitions and Promotions in Fiji
A Submission to the Fiji Commerce Commission on Guidelines for Texting Competitions and Promotions in Fiji February 2012 1.0 Introduction The Consumer Council of Fiji welcomes the Fiji Commerce Commissions
More informationTexas Medical Records Privacy Act (a.k.a. Texas House Bill 300)
Texas Medical Records Privacy Act (a.k.a. Texas House Bill 300) Ricky Link, Coalfire ISACA North Texas and IIA Fort Worth Chapters The Petroleum Club of Fort Worth March 4, 2014 1 About Coalfire Coalfire
More informationACCOUNTABILITY AND DISCLOSURE PUBLICITY AND INFORMATION MATERIALS
CODE OF CONDUCT This code sets out the fundamental principles regarding the professional conduct of all members of Educate Plus as well as guidelines to which members are expected to adhere in their relationships
More informationPu?ng B2B Research to the Legal Test
With the global leader in sampling and data services Pu?ng B2B Research to the Legal Test Ashlin Quirk, SSI General Counsel 2014 Survey Sampling Interna6onal 1 2014 Survey Sampling Interna6onal Se?ng the
More informationPRIVACY POLICY USER INFORMATION. Information you provide to us
PRIVACY POLICY Food Marshal Tech Services Private Limited, ("Food Marshal", the Company, we, us and our ) is a company incorporated under the provisions of the Companies Act, 2013 and powers / manages
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationPROPOSED ADVISORY GUIDELINES ON THE PERSONAL DATA PROTECTION ACT FOR SELECTED TOPICS PHOTOGRAPHY 16 MAY 2014
PROPOSED ADVISORY GUIDELINES ON THE PERSONAL DATA PROTECTION ACT FOR SELECTED TOPICS PHOTOGRAPHY 16 MAY 2014 PART I: INTRODUCTION... 3 1 Introduction... 3 PART II: SELECTED TOPICS... 4 2 Photography...
More informationMobile Telephony Services and General Condition 23.1 - Public Laws
23. SALES AND MARKETING OF MOBILE TELEPHONY SERVICES 78 Scope 23.1 A Mobile Service Provider must comply with this General Condition with respect to a Customer of its Mobile Telephony Services, except
More informationPublic Consultation On Draft Resolution to Issue Anti-SPAM Regulations
Public Consultation On Draft Resolution to Issue Anti-SPAM Regulations Contents Chapter One Introduction Chapter Two Consultation Process Chapter Three Key Principles for Anti-SPAM Draft Regulations Chapter
More informationPrivacy Statement Relating to the Collection, Use and Disclosure of Personal Data & Customer Information
Privacy Statement Relating to the Collection, Use and Disclosure of Personal Data & Customer Information Safeguarding personal data and customer information and using it in a lawful manner, consistent
More informationCloud (educational apps) software services and the Data Protection Act
Cloud (educational apps) software services and the Data Protection Act Departmental advice for local authorities, school leaders, school staff and governing bodies October 2014 Contents 1. Summary 3 About
More informationRegulatory Policy. Unsolicited Electronic Communications
Regulatory Policy Unsolicited Electronic Communications Version: 1.0 Issue Date: 30 December 2009 Copyright 2009 Telecommunications Regulatory Authority (TRA). All rights reserved. P O Box 26662, Abu Dhabi,
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationRegulations of using the ALLVOD.PL service
REGULATIONS OF USING THE ALLVOD.PL SERVICE Regulations of using the ALLVOD.PL service List of content 1. Basic definitions.. p. 2 2. General provisions of the Regulations. p. 3 3. Technical conditions.
More informationSecurities Trading Policy
Securities Trading Policy Growthpoint Properties Australia Limited for itself and as responsible entity of the Growthpoint Properties Australia Trust Adopted by the Board of directors Growthpoint Properties
More information