1 / 30

DATA PROTECTION

DATA PROTECTION. DATA PROTECTION and Research. David Cauchi Office of the Commissioner for Data Protection. University Research Ethics Committee – 30.05.2008. DATA PROTECTION. Data Protection Act . General Provisions Processing for Research Purposes

zaza
Download Presentation

DATA PROTECTION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DATA PROTECTION DATA PROTECTION and Research David Cauchi Office of the Commissioner for Data Protection University Research Ethics Committee – 30.05.2008

  2. DATA PROTECTION Data Protection Act • General Provisions • Processing for Research Purposes • Procedure agreed with UREC

  3. ORIGIN DATA PROTECTION Council of Europe – ETS 108 Convention on the protection of individuals with regard to automatic processing of personal data Data Protection Act CAP. 440 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data

  4. WHAT IS DATA PROTECTION ACT? DATA PROTECTION An Act that makes provision for the protection of individuals against the violation of their privacyrights by theprocessing of personal data.

  5. DATA PROTECTION Key Termsin Data Protection

  6. PERSONAL DATA DATA PROTECTION “…any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;” DPA Art. 2

  7. SENSITIVE PERSONAL DATA DATA PROTECTION “…personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, health, or sex life;” DPA Art. 2

  8. PROCESSING DATA PROTECTION “…includes the collection, recording, organisation, storage, adaptation, alteration, retrieval, gathering, use, disclosure by transmission, dissemination or otherwise making information available, alignment or combination, blocking, erasure or destruction of such data” DPA Art. 2

  9. CONSENT DATA PROTECTION “…any freely given, specific and informed indication of the wishes of the data subject by which he signifies his agreement to personal data relating to him being processed” DPA Art. 2

  10. DATA PROTECTION Criteria for Processing

  11. CRITERIA FOR PROCESSING DATA PROTECTION PERSONAL DATA DPA Article 9 1. Unambiguous consent or 2. Contract performance or 3. Legal obligation or 4. Vital interests of data subject or 5. Public Interest / Official Authority or 6. Legitimate interest • SENSITIVE PERSONAL DATA • DPA Articles 12 & 13 • Explicit Consent • Subject made data public • Conditions of employment • Vital Interests & data subject • incapable of giving consent • 5. Legal claims

  12. DATA PROTECTION Data Protection Principles

  13. THE NINE PRINCIPLES for ‘good information handling’ DATA PROTECTION Personal Data to be: 1. processed fairly and lawfully 2. processed in accordance with good practice 3. collected for specific, explicitly stated & legitimate purposes 4. processed for reasons compatiblewith the purpose it was collected 5. adequate and relevant to the processing purpose 6. not more than required for the processing purpose 7. correct and, if necessary, up to date 8. rectified 9. not kept for longer than necessary for the processing purpose DPA Art. 7

  14. DATA PROTECTION Rights of Data Subjects

  15. RIGHTS OF DATA SUBJECTS (1) DATA PROTECTION • INFORMATION TO DATA SUBJECT • The data subject should be informed with at least the following: • identity and habitual residence or principal place of business of controller; • purposes of processing; • any further information such as: • i) recipients or categories of recipients of data • ii) whether reply to any questions is obligatory or voluntary, and possible consequence of failure to reply • iii) existence of right of access, right to rectify and where applicable right to erase data. • DPA Art. 19

  16. RIGHTS OF DATA SUBJECTS (2) DATA PROTECTION RIGHT OF ACCESS • Request of Data Subject • must be: • at reasonable intervals • in writing • signed by data subject • Data Controller to provide: • without excessive delay • without expense • written information in an intelligible form DPA Art. 21

  17. RIGHTS OF DATA SUBJECTS (3) DATA PROTECTION RECTIFICATION • The Data Subject may request rectification, blocking or erasure of his personal data. • If the request is justified, the Data Controller shall • rectify, block or erase such personal data accordingly. • notify third parties about such an event, unless this involves a disproportionate effort. DPA Art. 22

  18. DATA PROTECTION Security Measures

  19. APPROPRIATE SAFEGUARDS • These include: • Access controls to information • e.g. passwords, access rights/privileges, encryption etc. • Physical Security safeguards • e.g. locking of file cabinets, computers, offices etc. • Awareness DATA PROTECTION

  20. DATA PROTECTION Processing For Research Purposes

  21. DATA PROTECTION IN RESEARCH DATA PROTECTION • THE DATA PROTECTION ACT APPLIES WHEN: • Research is about individuals • Research involves personal data • Individuals are identifiable

  22. PROCESSING CONCERNING RESEARCH DATA PROTECTION • Sensitive Personal Data may be processed for Research Purposes: • On Public Interest grounds • With the approval of the Commissioner, on the advice of a Research Ethics Committee • DPA Art 16

  23. PROCESSING CONCERNING RESEARCH DATA PROTECTION • Specific Data Protection matters in research include: • Personal and Sensitive Data • Identifiable VS Anonymous Data • Consent – When do I need consent?? • Dealing with children and vulnerable persons • Retention of Data • DPA Art 16

  24. CREATING THE RIGHT BALANCE DATA PROTECTION BETWEEN: RIGHTS OF PRIVACY OF INDIVIDUAL NEED TO CARRY OUT RESEARCH

  25. DATA PROTECTION Procedure agreed With UREC

  26. PROCEDURE (1) DATA PROTECTION RESEARCH INVOLVING SENSITIVE PERSONAL DATA • Proposal Form for ethical approval is submitted by researcher • Research Proposals are examined by the Faculty Research Ethics Committee and by the UREC • Approval is given if proposals are satisfactory • Approval from the UREC is deemed to be an adequate advice for the approval by the Commissioner • Researcher may proceed with the project once this is approved by the UREC

  27. PROCEDURE (2) DATA PROTECTION • A list of approved projects is periodically forwarded to the Commissioner for final approval The UREC may always consult the Commissioner in case of problems with particular projects OBJECTIVES • Allow the researcher ample time to proceed with the study The Researcher is not required to obtain an approval directly from the Commissioner

  28. PROPOSAL FORM DATA PROTECTION INCLUDES • Data Protection Principles • Rights of Data Subjects OBJECTIVES • Inform researchers and ensure that these principles and rights are respected It is important that all faculties use the same form in order to provide the same conditions and information to students

  29. FURTHER INFORMATION DATA PROTECTION Office of the Commissioner for Data Protection E-Mail: commissioner.dataprotection@gov.mt Website: www.dataprotection.gov.mt

  30. DATA PROTECTION THANK YOU! Floor is open for discussion

More Related