Personal Data Protection Act 2010 Flashcards

1
Q

What is “Personal Data”?

A

It is any personal information in respect of commercial transactions. The data relates directly or indirectly to a data subject, usually includes sensitive personal data (religion, political views, physical and mental health). It also includes expressions of opinion about the data subject.

2
Q

When and why was PDPA created?

A

November 2013, to regulate the processing of personal data in commercial transactions.

3
Q

What are the seven principles of PDPA 2010?

A
GENERAL 
NOTICE AND CHOICE
DISCLOSURE 
SECURITY
RETENTION
DATA INTEGRITY
ACCESS
4
Q

Explain the principle of “General”.

A

Personal data shall be processed if:

  • consent
  • it is necessary or directly related
  • adequate, not excessive

Sensitive data shall be processed if:

  • given explicit consent
  • it’s necessary
  • info made public
5
Q

Explain the principle of “Notice and Choice”.

A

Data subjects should be informed by written notice:

  1. data is being processed
  2. purpose of collection
  3. the source
  4. of their rights to:
    - correct the data
    - contact the data user for inquiries and complaints
    - be informed of third parties to whom the data user discloses or may disclose
    - limit the choices and means

Whether it is obligatory or voluntary for the data subject to supply the personal data.
NOTICE shall be given soonest possible:

  1. At the time first asked by the data user to provide his personal data
  2. first collects the personal data
  3. Before data user uses the personal data or discloses it to a 3rd party
  4. given in the national and English languages
6
Q

Explain the principle of “Disclosure”.

A

No PERSONAL DATA shall be disclosed without the consent of the data subject:

  1. for any other purpose other than the purpose it was collected
  2. to any other party
7
Q

Explain the principle of “Security”.

A

A DATA USER needs to take practical steps to protect the personal data from any:
LOSS, MISUSE, MODIFICATION, UNAUTHORISED/ACCIDENTAL DISCLOSURE, ALTERATION/DESTRUCTION

Must consider the following:

  1. Nature of the data
  2. Harm from misconduct
  3. Place and location of stored data
  4. Security measures to ensure reliability and integrity
  5. Methods to secure transfer of personal data
8
Q

Explain the principle of “Retention”.

A
  1. It shall not be kept any longer than necessary for the fulfilment of the purpose
  2. If no longer required, necessary steps must be taken to ensure permanent deletion of data
9
Q

Explain the principle of “Data integrity”.

A

Data user shall take reasonable steps to ensure that the personal data is:
ACCURATE
COMPLETE
NOT MISLEADING
KEPT UP TO DATE BY HAVING REGARD TO THE PURPOSE OF THE DATA

10
Q

Explain the principle of “Access”.

A

A DATA SUBJECT shall be given their rights and access to:

  1. personal data
  2. ability to correct if: Inaccurate, incomplete, misleading, not updated