source: data privacy (PD) act guide folder_1019.pdf
A. definition of terms
1. data subject = an individual whose personal data is processed
2. personal information = any information from which the identity of an individual is apparent or can be reasonably & directly ascertained, or when put together with other information would directly & certainly identify an individual
3. sensitive information = information about an individual's: race, ethnic origin, marital status, age, color, philosophy or political affiliations, HEALTH, education, genetic, or SEX LIFE, proceeding for an offense committed or alleged to have been committed by an individual, government-issued IDs, those established by an executive order or an act of Congress to be kept CLASSIFIED
B. principles
1. transparency -- data subject must be aware of the NATURE, PURPOSE, & EXTENT of processing with risks & safeguards involved
2. legitimate purpose
3. proportionality -- adequate, relevant, suitable, NECESSARY, cannot be reasonably fulfilled by other means (vs excessive)
C. data subject rights -- 1. information, 2. access, 3. data portability, 4. rectification, 5. erasure or blocking, 6. to object, 7. to file a complaint, & 8. to damages