Sunday, February 20, 2011

Protection of Personal Information (PPI) and SharePoint – Part 1 of 2

The Protection of Personal Information Bill (the bill) has been getting a lot of attention lately. Currently it is a bill that is not yet enforced, but that is set to happen this year.


Organisations are expected to take reasonable steps NOW to ensure that they are compliant when this bill becomes law. So lots of seminars and training sessions are now becoming available to educate you on what the bill is all about and what “reasonable” steps can be taken in order for you to be compliant.




So what is this bill all about?

The bill regulates the collection, storage and distribution of personal information by both private and public bodies. It is based on world standards and is regarded as a leading-practice baseline for effective data privacy regulation around the world. The bill aims to provide an acceptable balance between the right to privacy and the legitimate need to use personal information.

Personal information is regarded as any information related to a person, from first name to sexual orientation. The bill has eight core principles which form the minimal conditions for the lawful processing of personal information. The eight principles are:

Accountability: The party holding the personal information is responsible for the information and must follow the principles defined in the bill.

Processing Limitations: Personal information must be collected directly from the data subject, with the data subject's consent.

Purpose Specification: Personal information must be collected for a specific, well defined and legitimate purpose. The data subject should be aware of the purpose for which the information is collected, and who the likely recipients of the information will be.

Further processing limitations: Personal information may not be processed further in a way that is incompatible with the purpose for which the information was collected initially.

Information Quality: The person or party that determines the purpose and means for processing personal information should ensure that the information is complete, up to date and accurate.

Openness: Personal information may only be collected if the Information Protection Commission has been notified. Also, where personal information of a data subject is collected, the person or institution responsible for such collection must ensure that the data subject is aware of:
  • The fact that the information is being collected;
  • The name and address of the person or institution collecting the information;
  • Whether or not the supply of the information by that data subject is voluntary or mandatory and the consequences of failure to reply; and
  • Where the collection of information is authorised or required under any law, the particular law to which the collection is subject.
Data Subject Participation: A data subject is entitled to the particulars of his or her personal information held by any institution or person, as well as to the identity of any person that had access to his or her personal information. The data subject is also entitled to require the correction of any information held by another party.

Security Safeguards: The Bill requires the implementation of technical and organisational measures to secure the integrity of personal information, and to guard against the risk of loss, damage or destruction of personal information. Personal information should also be protected against any unauthorised or unlawful access or processing.

That’s the main overview. The bill also mentions the processing of “special personal information” (i.e. religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, sexual life, or criminal behaviour), which is basically prohibited for collection, storage and distribution.

Now that you understand what PPI is all about, let’s look at how SharePoint can help (in Part 2).


