privacy and data protection
DESCRIPTION
Presented by Prof. Kalamullah Ramli, Executive Team National ICT Council (DeTIKNas) at IISF 2012, Bandung, 10 October 2012
TRANSCRIPT
Privacy and Data Protection
Indonesia ICT Council
Prof. Dr.-Ing. Kalamullah Ramli
Executive Team National ICT Council
Privacy and Data Protection Principles
Madrid Resolution 2009
• The need for international standards on privacy and data protection
• To define a set of principles and rights guaranteeing the effective and internationally uniform protection of privacy
• Basic principles are
- Lawfulness and fairness
- Proportionality
- Purpose specification
- Data quality
- Openness
- Accountability
Basic Principles on Privacy and Data Protection
• Lawfulness and Fairness Principle: Personal data must be fairly processed, respecting the applicable legislation as well as the rights and freedoms of individuals, in conformity with the purposes and principles of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights
• Proportionality Principle: Processing of personal data should be limited to what is adequate, relevant and not excessive in relation to the purpose for which it was intended
• Purpose Specification Principle: Processing of personal data should be limited to the fulfilment of the specific, explicit and legitimate purpose for which it was collected
• Data Quality Principle: Personal data shall be kept accurate and up to date and not be retained beyond the period for which it was intended
• Openness Principle: The data controller shall have transparent policies with regard to processing of personal data
• Accountability Principle: The data controller shall take all the necessary measures to observe the principles and obligations set out in the Madrid Resolution and in the applicable national legislation, and have the necessary internal mechanisms in place for demonstrating such observance both to data subjects and to the regulatory authorities
Privacy by Design
Universal Declaration of Human Rights (article 12)
No one shall be subjected to arbitrary interference with his privacy, family, home, or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Privacy Enhancing Technology
Privacy Enhancing Technology (PET)
1. Reduce the risk of contravening privacy principles and legislation
2. Minimize the amount of data held about individuals
3. Allow individuals to retain control of information about themselves at all times
Technologies for Privacy Protection Measures in the Data Life Cycle
Closing
CLOSURE
• The awareness on Privacy and Data Protection Education
• Synergy (inter-ministries) on the Development of Electronic Privacy and Data Protection Government Regulation (Peraturan Pemerintah, PP)
• The involvement of experts, standards bodies, business representatives, and communities
– International Telecommunication Union (ITU)
– International Organization for Standardization (ISO)
– Cloud Security Alliance (CSA), COBIT, etc.
– MIKTI, MITI, Aspiluki, IMOCA, etc.