“Good Practices in Information Security”

“Albania”
“Personal Data Security”
Alketa Koja
PR Specialist of the Commissioner for Personal Data Protection
ALBANIA
Personal Data Security - The Law
The Data Controller shall take measures in order to protect personal data (art. 27 of the Law on Data Protection). Also, the Data Controller should:
• Instruct all operators concerning their obligations, in conformity with this law and the internal regulations on data protection, including the regulations on data security;
• Ensure that personal data and their software are accessed only by authorized persons;
• Prohibit access to the filing system and its use by unauthorized persons;
• Record and document alteration, rectification, erasure, transfer, etc.
The Cases


Ex officio inspection
Regional Hospital of Vlora
Personal data security
The Violations
• Personal medical records stored in unsuitable environments.
• Central data register with no restriction in access.
How did the Commissioner deal with this case?
The Recommendations of the DPA:
• To provide safe environments with limited access to the files of the personal data subjects.
• To ensure that folders with sensitive personal data of data subjects are kept in appropriate locations.
• To take measures for employees to access the computers at the user level (not administrator) via an appropriate "username" and "password".
The Cases

Ex officio inspection

Kukes Municipality
Personal data security
The Violations

The lack of internal regulation on the protection of personal data.

The use of personal email for official communication.

No regulated access in the file system.
How did the Commissioner deal with this case?
The Recommendations of the DPA:
• To take measures in order to write and approve an internal regulation specific to data protection.
• To take measures regarding communication through official electronic mail (e-mail), by applying the "Rules for the use of email in Public Administration", approved by the National Information Society Agency (NISA).
• To take measures for employees to access the computers at the user level (not administrator) via an appropriate "username" and "password".
The Cases
• Inspection based on a compliance.
• The second inspection at this personal data controller.
• The Albanian electricity distribution service.
Personal data security
The Violation:
• No specific consent for marketing purposes.
How did the Commissioner deal with this case?
The Decision of the DPA
• A huge amount of personal data was collected, ignoring the Data Protection Law.
• The Personal Data Controller was very well informed about the Law, due to its continuous relationship with the Authority.
• The DPA decided to set a fine for this Data Controller.
• The Data Controller objected to the decision of the Commissioner in the Court.
Komisioneri për Mbrojtjen e të Dhënave
Personale
Thank you for the attention!
Hvala!
The Commissioner for Personal Data
Protection
Address: Rr. “Abdi Toptani” Nr. 4, Tiranë
Email: info@kmdp.al
Tel:+355(4)2237200