More Related Content
Similar to HOW TO PROCESS DATA IN VARIOUS GEO'S A COMPARATIVE ANALYSIS BY SANJEEV SINGH BHARWAN (20)
![]A Little Legal Fan Fiction For Your Reading Pleasure](https://cdn.slidesharecdn.com/ss_thumbnails/theredistrictingcheatsheet-250830092405-c8e58038-thumbnail.jpg?width=560&fit=bounds)
HOW TO PROCESS DATA IN VARIOUS GEO'S A COMPARATIVE ANALYSIS BY SANJEEV SINGH BHARWAN
- 1. HOW TO PROCESS DATA A BASIC COMPARATIVE ANALYSIS BY BHARWAN SANJEEV SINGH
- 2. INDIA UNITED STATES UNITED KINGDOM AUSTRALIA THILAND GERMANY UAE SAUDAI 1.No specific law applicable in relation to data processing in India. 2.Consent of data subject is required under the interpretation of Section 72 A of IT Act. 1. FTC requires that company once disclosed privacy policy should take care of its policy (although no law ask any company to disclose any privacy policy). 2.GLBA Act in case if Financial Organization want to disclose information to third party they should intimate it to Data Subject and take approval Data subject can opt out as well. 3.Companies should have written security policy. (which should include 1.Data Encryption.2.uthentication mechanisms 3.Frequent Monitoring and testing. 4.Theft prevention programme. 4. Under HIPPA minimum PHI should be use, request and disclose for any transaction. 5.Compliance of HIPPA electronic transformation procedure. 6.Under Californian law encryption of data is a prime requirement. 1.DPA Part I Schedule I and DPA Part II Schedule 1 to be complied. 2.Data should not be excessively taken against the purpose. 3.Not be kept for longer than required. 4.Data to be protected with appropriate technical / org measures. 5.Lawful processing is not defined so Data Processor must comply with all relevant rules and laws. 1.Company has to comply 10 NPPs by the OAIC I. How to collect the data. II. How org may use and disclose info. Iii. Information no alteration and secure. Iv. Policy at place to show in relation to how they protect data collected. V. access of information to data subject. vi. No govt. data. vii. Policy of company regarding data protection when data is moving outside Australia. viii. Higher standard for sensitive info (health, racial, ethnic, background, criminal record etc...) 1.Data Controller should have appropriate security system to protect stored information. (no standard defined as such). 2.Data used or disclosed should be current and accurate. 3. Penalties: Up to 18 months imprisonment and up to 20.000 Thai Bhat fine. 1. Data reduction is the principal in Germany. (one should use as little personal data as possible strictly for the purpose only). 2.Express permission required from BDSG or Data Subject in advance. (Exception is exemption of applicable law or in case Data Subject has justified interest). 3.Reason of data collection must be defined. 4.Information should be available to data subject all the time when requested. 5.Personal data must be deleted in case if it is no longer required for the purpose. 1.Only legal requirement in UAE is personal data should not be carried out without the prior consent of the individual / data subject. 2.Data laws are guided by local privacy protection directives mentioned at various places (no actual directive lead this concept)> Data Controller is not defined in Saudi. 1.Only limited information required to assess financial situation and ability to repay can be taken in relation to credit management. Article 2.2 AND 3.1 Credit Regulation. 2.Collection Data only be processed in relation to purpose. Article 2.2 and 3.1, Credit Regulation.