Confidentiality Flashcards
What does do contractual obligations of confidentiality typically entail
- written contract
2. non-disclosure agreement for specific business deals
Can automatic notice alone create a contractual obligation of confidentiality? Why?
No. It’s not a contract, it is not an agreement.
What constitutes a breach of confidence?
- duty of confidence
- unauthorised use of info
- real or potential detriment to P
What does duty of confidence entail?
- quality of confidence.
- inaccessible to public and worth protecting - circumstances
- relationship: ELDR MFS
- notice of confidentiality: e.g warning that photography is restricted
What are defences to breach of confidence? 4
- public interest
- misconduct
- P consents to disclosure
- public domain - alr publicly accessible
Do third parties have a duty of confidence?
yes, if they know, or should have known the info was confidential
How is data handling regulated by the PDPA?
c/u/d: collecting, using, disclosing to another 3rd party
What does personal data entail? what is it not?
data that is personal on its own, with unique identifiers
not business contact info
What are the exceptions to the cannot c/u/d for personal data
if required by law
How does PDPA define personal data
data, true or not, about an individual who can be identified from
1. that data
2. other information
depending on context
How does the procedure and enforcement work?
one makes complaint to Personal Data Protection Commission
what can the PDPC do?
Fine, direct offender to act, or give warning.
Commissioner publishes decided cases
What is an organisation
natural persons, or bodies of persons, regardless of whether they are a resident or not. includes individuals operating not under personal or domestic capacity
When an organisation c/u/d personal data, it must
- Notify you of reasonable and specific purposes
2. get valid consent (actual or deemed) by opt in
what does valid consent mean
organisation cannot, as condition to providing product or service, require individual to consent to c/u/d of personal data beyond what is reasonable to provide product or service
or attempt to obtain consent by using deceptive or misleading practices