Meeting 7: Points of Exposure
Course: A0334/Pengendalian Lingkungan Online (Online Environment Control)
Year: 2005
Version: 1/1
Learning Outcomes
By the end of this meeting, students are expected to be able to:
• Explain Points of Exposure
Outline of Material
• Remote Working
• Protecting Online Privacy
– The Need for a Privacy Statement
– Data Exports
– Security
• Spamming and Direct Marketing
– The Current Law
– The New Law
• Cookies, Web Crawlers, Spiders, Web Bugs
• Conclusion
Remote Working
• In today's Internet-driven world the teleworker is becoming more common. This is good for both workers and businesses: it reduces overheads and travelling time, increases productivity through flexible working, and allows companies to recruit the quality of staff they need even when those staff do not live near the company's offices.
• Once the main method of connecting the remote worker to the corporate system was a point-to-point dial-up connection; now, with technological advances and increasingly Internet-driven business activity, remote workers can easily connect from anywhere in the world. That connection over the public Internet is itself a point of exposure: corporate data that once stayed on the internal network is now reachable from outside and must be protected accordingly.
• Directors, under new data protection laws, are now legally responsible for information held on corporate networks concerning their employees and customers.
Protecting Online Privacy
• In recent years laws protecting the privacy
of individuals when personal data about
them is stored or processed have
proliferated internationally.
• In particular, the eight data protection principles in the UK Data Protection Act 1998 (referred to below as 'the Act') must be complied with, namely:
– Personal data shall be processed fairly and lawfully.
– Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
– Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
– Personal data shall be accurate and, where necessary, kept up to date.
– Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
– Personal data shall be processed in accordance with the rights of data subjects under the Act.
– Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
– Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
• Persons who suffer harm as a result of unlawful processing or other breaches of the Act are also entitled to claim damages against the business concerned. There are also special rules for 'sensitive personal data' (ethnicity, health records, membership of a trade union, etc.).
The Need for A Privacy Statement
• Where a business collects personal data –
for example, contact details and other data
such as customer preferences – via a web
page or email, the business must ensure
that the personal data is fairly and lawfully
processed. It must also be obtained only
for one or more specified and lawful
purposes and must not be processed in a
manner incompatible with these purposes.
• In practice this includes making sure that
you have an online privacy statement in
the proper form, which is brought to the
attention of those submitting personal
data.
• The privacy statement must clearly set out
the purposes for which the data is
collected and processed.
Data Exports
• The current law is that personal data can only be exported outside the European Economic Area if the country to which the data is exported ensures an adequate level of protection (the eighth principle).
Security
• The seventh data protection principle requires that 'appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data'. In other words, the data must be kept secure. This is particularly important when the data is held on systems reachable online, where a weakness in those measures can expose it to anyone who can reach the system.
Spamming and Direct Marketing
• The Current Law
• The New Law
The Current Law
• The current law in this area is complex –
involving the Data Protection Act 1998 and
the Telecommunications (Data Protection
and Privacy) Regulations 1999.
The New Law
• The 2002 Directive on Privacy and Electronic
Communications (‘Directive’), which must be
implemented into UK law before 31 October
2003, sets out a new regime regulating
unsolicited communications for direct marketing
sent by:
– Automatic calling machines (use of automated calling
systems without human intervention)
– Fax
– Electronic mail (this includes SMS text messages)
Cookies, Web Crawlers, Spiders, Web Bugs
• These technologies potentially let third parties gather information about you from your computer. A 'cookie' is a small text file that a website asks your browser to store on your computer when you visit it; the browser sends the cookie back with each later request to that website. Its purpose is to recognise repeat visits (e.g. by a subscriber to the site), and cookies can also be used to gather information about you.
• Web bugs (tiny or invisible images embedded in a web page or email that are fetched from a remote server when the page is displayed, telling that server who opened it and when), spyware and other similar devices can be used to gain access to information on your computer, to store hidden information and to trace your activities.
• The new Directive sees ‘cookies’ as a
legitimate and useful tool. However, web
bugs and similar devices are seen as a
serious threat to privacy and they must
only be used for legitimate purposes with
the knowledge of the users concerned.
• The use of ‘cookies’ is permitted provided
that:
– The user is given clear and comprehensive
information about the use to be made of the
information gathered by the cookie – this must
be made as ‘user friendly’ as possible
– The user has the opportunity to refuse the
cookie. However, access to a website can be
made conditional on the user’s well-informed
acceptance of a cookie.
Conclusion
• Dealing with online privacy issues is just
part of dealing with data protection
compliance more generally.
• Areas typically included in any compliance
programme are:
– Existence and role of a compliance officer and
management involvement
– Internal staff policies and awareness of procedures
and sanctions for non-compliance
– Website privacy statements and processes of
collecting personal data; duration of data retention
– Staff monitoring
– Handling of requests by data subjects to access their
personal data
– Security standards applied (both technical and
operational)
• Looking more specifically at online privacy issues, privacy statements are essential when addresses or personal data are collected. Where email addresses or telephone numbers are to be used for direct marketing (e.g. by email or SMS), best practice is to obtain prior 'explicit' consent, for example by a tick in an 'I consent' box on a web form. Information about cookies must also be provided, and users must be able to refuse them.