Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

“Praktikat e mira të sigurisë së informacionit”

advertisement 
“Albania”
“Personal Data Security”
Alketa Koja
PR Specialist of The Commissioner
for Personal Data Protection
ALBANIA
Personal Data Security- The Law
2
The Data Controller shall take measures in order to protect
personal data (art.27 of Law on Data Protection). Also, the
Data Controller should:
 Instructs all operators concerning their obligations, in
conformity with this law and the internal regulations on data
protection, including the regulations on data security;
 Personal data and their software shall be accessed only by
authorized persons;
 Prohibits access to the filing system and their use by
unauthorized persons;
 Records and documents the alteration, rectification, erasure,
transfer, ecc..
The Cases


Ex officio inspection
Regional Hospital
of Vlora
Personal data security
The Violations
Personal medical records stored
in unsuitable environments.
Central data register
with no
restriction in access.
How the Commissioner deal in this case?
The Recommendations of DPA:



To provide safe environments with limited access to
the files of the personal data subjects.
To ensure folders with sensitive personal data of data
subjects in appropiate locations.
To take measures for employees to access the
computers at the user level (not administrator) via the
"username" and "password appropriate“.
The Cases

Ex officio inspection

Kukes Municipality
Personal data security
The Violations

The lack of internal regulation on the protection of personal data.

The use of personal email for official communication.

No regulated access in the file system.
How the Commissioner deal in this case?
The Recommendations of DPA:



To take measures in order to approve and write an internal
regulation specific to data protection.
To Take measures regarding communication through official
electronic mail (e-mail), by applying the "Rules for the use of
email in Public Administration", approved by the National
Information Society Agency (NISA).
To take measures for employees to access the computers at the
user level (not administrator) via the "username" and "password
appropriate“.
The Cases
 Inspection based on
a compliance.
The second inspection
at this personal data
controller.
The Albanian
electricity distribution
service.
Personal data security
The Violation:
 No specific consent for
marketing purpose.
How the Commissioner deal in this case?
The Decision of the DPA
•
•
•
•
Huge amount of Personal data collected ignoring the
Data Protection Law.
Personal Data Controller very well informed about
the Law, due to continue relation with the Authority.
The DPA decided to set e fine for this Data Controller
The Data Controller objected the decision of the
Commissioner in the Court.
Komisioneri për Mbrojtjen e të Dhënave
Personale
Thank you for the attention!
Hvala!
The Commissioner for Personal Data
Protection
Adresa: Rr.“Abdi Toptani” Nr.4, Tiranë
Email: info@kmdp.al
Tel:+355(4)2237200
Related documents
Data Protection 1 1 What does the Act require? The Act gives `data
Data Protection 1 1 What does the Act require? The Act gives `data
MVC the concept
MVC the concept
2511- 10th graduation of the Leadership School of the
2511- 10th graduation of the Leadership School of the
Has Miley Cyrus gone to Number 1 in the singles and
Has Miley Cyrus gone to Number 1 in the singles and
The Council of Europe Commissioner for Human Rights
The Council of Europe Commissioner for Human Rights
waivers - Office of the High Commissioner on Human Rights
waivers - Office of the High Commissioner on Human Rights
Training on Data Protection
Training on Data Protection
Presentation EC project
Presentation EC project
New Unit Sustainment
New Unit Sustainment
2-21-2012 Workshop Minutes
2-21-2012 Workshop Minutes
Page 1 PRIVACY & IT COMPLIANCE March 2015 THE USE OF
Page 1 PRIVACY & IT COMPLIANCE March 2015 THE USE OF
List of Oral Histories - George Mason University
List of Oral Histories - George Mason University
ESE Organizational Chart - Massachusetts Department of Education
ESE Organizational Chart - Massachusetts Department of Education
An overview of UK data protection law
An overview of UK data protection law
Taking the con out of conciliation - Haroun Docrat
Taking the con out of conciliation - Haroun Docrat
Freedom of Information journal - Volume 10, Issue 5 (May/June 2014)
Freedom of Information journal - Volume 10, Issue 5 (May/June 2014)
Public Administration (Review of Actions) Regulations 2005
Public Administration (Review of Actions) Regulations 2005
HPC 9-28-15 - City of Wabasha
HPC 9-28-15 - City of Wabasha
Special Meeting Minutes June 19, 2013 Vice President Leward
Special Meeting Minutes June 19, 2013 Vice President Leward
here - NAMI Minnesota
here - NAMI Minnesota
A Practical Guide to the Data Protection Act by John Woulds December 2004
A Practical Guide to the Data Protection Act by John Woulds December 2004
in Word - Health and Disability Commissioner
in Word - Health and Disability Commissioner
Download
advertisement