privacy and data protection

Privacy and Data Protection

Indonesia ICT Council

Prof. Dr.-Ing. Kalamullah RamliExecutive Team National ICT Council

Privacy and Data Protection Principles

Madrid Resolution 2009• The need for international standards on

privacy and data protection• To define a set of principles and rights

guaranteeing the effective and internationally uniform protection of privacy

• Basic principles are- Lawfulness and fairness - Proportionality- Purpose spefication - Data quality- Openness - Accountability

3

Basic Principles on Privacy and Data Protection

• Lawfulness and Fairness PrinciplePersonal data must be fairly processed, respecting the applicable legislation as well as the rights freedom of individuals in conformity with the purpose and principles of the Universal Declaration of Human Rights and International Convenant on Civil and Political Rights

• Proportionality PrinciplesPersonal data should be limited to such processing as is adequate, relevant and not excessive in relation to the purpose for which it was intended

4


• Purpose Specification Principleprocessing of personal data should be limited to the fulfilment of the specific, explicit and legitimate purpose for which it was collected

• Data Quality Principlepersonal data shall be kept accurate and up to date and not be retained beyond the period for which it was intended

5


• Opennes Principlethe data controller shall have transparent policies with regard to processing of personal data

• Accountability Principlethe data controller shall take all the necessary measures to observe the principles and obligations set out the in the Madrid Resolution and in the applicable national legislation, and have the necessary internal mechanisms in place for demonstrating such observance both to data subjects and to the regulatory authorities

6

Privacy by Design

Universal Declaration of Human Rights (article 12)

8

No one shall be subjected to arbitrary interference with his privacy, family, home, or correpondence, nor to attacts upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacts

Privacy by Design

9

Privacy Enhancing Technology

Privacy Enhancing Technology (PET)

1. Reduce the risk of contravening privacy principles and legislation

2. Minimize the amount of data held about individuals

3. Allow individuals to retain control about themselves at all time

11

Technologies for Privacy Protection Measures in the Data Life Cycle

12

Penutup

CLOSURE• The awareness on Privacy and Data Protection

Education• Synergy (inter-ministries) on the Development of

Eletronic Privacy and Data Protection Government Regulation (Peraturan Pemerintah, PP)

• The involvement of experts, standard bodies, business representatives, and communities– International Telecommunication Union (ITU)– International Organization for Standard (ISO)– Cloud Security Alliance (CSA), COBIT, etc– MIKTI, MITI, Aspiluki, IMOCA, etc

14