General provisions Flashcards
Familiarity with general provisions
How is “personal data” defined by UN policy?
Personal data is information, in any form, that relates to an identified or identifiable person.
What is “sensitive personal data”?
Sensitive personal data is a type of personal data that relates to one of the following:
- ethnic origin;
- migration status;
- political, religious or other opinions, beliefs or affiliations;
- personal financial information;
- trade union membership;
- personal genetic or biometric data uniquely identifying individuals;
- health;
- gender identity;
- or sexual orientation.
What is “non-personal data in a sensitive context”?
Non-personal data in a sensitive context is information, in any form, that, while not relating to an identified or identifiable natural person, may, by reason of its sensitive context, put certain individuals and groups at risk of harm, including vulnerable or marginalized individuals and groups of individuals, such as children.
What is a “data subject”?
The data subject is any identified or identifiable natural person to whom personal data that are being processed by or on behalf of the Secretariat relate, including but not limited to a staff member, individual contractor or consultant, other United Nations personnel, an attendee at an official meeting or a beneficiary of
assistance.
What is an “identifiable natural person”?
An identifiable natural person is a natural person who can be directly or indirectly identified by means likely to be used, such as reasonably available expertise, resources and time, as well as data already available.
What is “consent”?
Consent is any freely given, specific and informed indication of an agreement by the data subject to the processing of their personal data.
What is a “data processor”?
The data processor is anyone who processes data that fall within the scope of the present bulletin and who does so under the supervision or direction, or on behalf, of the data steward(s).
What is “data processing”?
Data processing is any operation or set of operations that is performed on data or on sets of data, irrespective of the technology and processes used, including by automated means, by or on behalf of the Secretariat, including but not limited to
collecting, registering, recording, structuring, storing, adapting, altering, cleaning, filing, retrieving, consulting, using, disseminating, disclosing, transferring, sharing, copying, making available, erasing and destroying.
What is a “data breach”?
A data breach is the loss, destruction, alteration, access, acquisition or use for unauthorized purposes of data that fall within the scope of the present bulletin, caused by accidental or unlawful disclosure, that compromises the confidentiality, security, availability or integrity of the data.