““Privacy For Websites”Privacy For Websites”

Presented by Mrs Drudeisha Madhub (The Commissionner)

Email: pmo-dpo@govmu.orgTel: +230 212 2218

Helpdesk: +230 203 90 76Website: http://dataprotection.govmu.org

Address: 5th Floor, Happy House Ltd, Port Louis

The Data Protection ActThe Data Protection Act

The Data Protection Act 2004 was proclaimed in its The Data Protection Act 2004 was proclaimed in its entirety on the 16th of February 2009, except for entirety on the 16th of February 2009, except for section 17(5). In addition, the Data Protection section 17(5). In addition, the Data Protection Regulations 2009 (GN 22/09) were enacted to cater Regulations 2009 (GN 22/09) were enacted to cater for registration fees for data controllers, other for registration fees for data controllers, other prescribed fees, the registration form for data prescribed fees, the registration form for data controllers and the request for access to personal controllers and the request for access to personal data form which represents the form to be used by data form which represents the form to be used by data subjects (living individuals), for requesting data subjects (living individuals), for requesting access to their personal data from data controllers.access to their personal data from data controllers.

23rd April 2015

Privacy Assessment : Web Privacy Assessment : Web ApplicationApplication

Privacy Assessment is seen as a valuable tool Privacy Assessment is seen as a valuable tool for businesses and governments which take for businesses and governments which take privacy seriously.privacy seriously.

This web application will enable public and This web application will enable public and private bodies to make informed choices. It will private bodies to make informed choices. It will often be the case that a privacy enhancing often be the case that a privacy enhancing solution will be no more difficult or more solution will be no more difficult or more costly to implement than an intrusive one, if costly to implement than an intrusive one, if the option is identified sufficiently. However, the option is identified sufficiently. However, this should not be the motivation since we are this should not be the motivation since we are here dealing with the human right to privacy. here dealing with the human right to privacy.

23rd April 2015

Privacy AssessmentsPrivacy Assessments

Protection of privacy is more than simply avoiding a Protection of privacy is more than simply avoiding a

breach of the law. It involves striving for something breach of the law. It involves striving for something

better. Privacy Impact Assessments and Privacy better. Privacy Impact Assessments and Privacy

Compliance Assessments are new techniques which are Compliance Assessments are new techniques which are

increasingly being used internationally to better increasingly being used internationally to better

manage privacy risks. Others include audits, privacy manage privacy risks. Others include audits, privacy

seals and associated self-regulatory initiatives and seals and associated self-regulatory initiatives and

privacy enhancing technologies. Each builds on the privacy enhancing technologies. Each builds on the

bedrock of the enforceable privacy rights for citizens bedrock of the enforceable privacy rights for citizens

and consumers enshrined in law.and consumers enshrined in law. 23rd April 2015

Privacy AssessmentsPrivacy Assessments

These assessments are being encouraged as a These assessments are being encouraged as a means by which business and government can means by which business and government can proactively identify and avoid privacy problems. proactively identify and avoid privacy problems. Internationally, these assessments play an Internationally, these assessments play an important part of a policy approach to build trust important part of a policy approach to build trust and confidence in-business and these processes and confidence in-business and these processes are recommended as part of any new Public Key are recommended as part of any new Public Key Infrastructure system, for example.Infrastructure system, for example.

23rd April 2015

Privacy AssessmentsPrivacy Assessments

This Privacy Assessment has been categorised into This Privacy Assessment has been categorised into two parts namely:two parts namely:

◦ Privacy Compliance AssessmentPrivacy Compliance Assessment◦ Privacy Impact AssessmentPrivacy Impact Assessment

The purpose of both these assessments is to The purpose of both these assessments is to provide a systematic process that evaluates a provide a systematic process that evaluates a proposal in terms of its impact upon privacy and proposal in terms of its impact upon privacy and identify the potential effects that the proposal may identify the potential effects that the proposal may have upon personal privacy and further examine have upon personal privacy and further examine how any detrimental effects on privacy might be how any detrimental effects on privacy might be lessened.lessened.

23rd April 2015

Privacy By DesignPrivacy By Design

Privacy by design is an approach to projects that promotes privacy and data protection compliance from the start. Unfortunately, these issues are often bolted on as an after-thought or ignored altogether.

It helps organisations comply with their obligations under the legislation.

23rd April 2015

Privacy By DesignPrivacy By DesignThe Data Protection Office encourages organisations to ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. For example when:building new IT systems for storing or accessing personal data;developing legislation, policy or strategies that have privacy implications;embarking on a data sharing initiative; orusing data for new purposes.

23rd April 2015

Privacy By DesignPrivacy By Design

We would like to see more organisations integrating core privacy considerations into existing project management and risk management methodologies and policies.

23rd April 2015

Benefits of taking a ‘privacy by Benefits of taking a ‘privacy by design’ approachdesign’ approach

Taking a privacy by design approach is an essential tool in minimising privacy risks and building trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits which include:Potential problems are identified at an early stage, when addressing them will often be simpler and less costly.

23rd April 2015

Benefits of taking a ‘privacy by Benefits of taking a ‘privacy by design’ approachdesign’ approach

Increased awareness of privacy and data protection across an organisation. 

Organisations are more likely to meet their legal obligations and less likely to breach the Data Protection Act.

Actions are less likely to be privacy intrusive and have a negative impact on individuals.

23rd April 2015

Privacy on the WebPrivacy on the Web

Your personal privacy on the Web might be Your personal privacy on the Web might be less secure than you think. Web browsing less secure than you think. Web browsing habits are tracked via cookies, search habits are tracked via cookies, search engines routinely change their privacy engines routinely change their privacy policies, and there are always challenges policies, and there are always challenges to Web privacy by both private and public to Web privacy by both private and public organizations. organizations.

23rd April 2015

Privacy on the WebPrivacy on the Web

1. Avoid Unnecessary Forms 1. Avoid Unnecessary Forms A good Web safety rule of thumb is to avoid filling out A good Web safety rule of thumb is to avoid filling out forms that require personal information in order to keep forms that require personal information in order to keep anything from being entered into public, searchable anything from being entered into public, searchable record, also known as Web results. You can use record, also known as Web results. You can use “BugMeNot” to avoid filling out unnecessary forms that “BugMeNot” to avoid filling out unnecessary forms that ask for too much personal information for example. ask for too much personal information for example.

2. Clean Your Search History 2. Clean Your Search History Most Web browsers keep track of every single Web site Most Web browsers keep track of every single Web site you type into the address bar. This Web history should be you type into the address bar. This Web history should be periodically cleared out not only for privacy's sake.periodically cleared out not only for privacy's sake.

23rd April 2015

Privacy on the WebPrivacy on the Web3. 3. Log Out Of Search Engines Log Out Of Search Engines Most search engines these days require you to create an Most search engines these days require you to create an account and log in to access the full array of their services, account and log in to access the full array of their services, including search results. In order to best protect your privacy, including search results. In order to best protect your privacy, it's always a good idea to log out of your account after it's always a good idea to log out of your account after executing your Web searches. executing your Web searches.

4. Watch Your Downloads 4. Watch Your Downloads Be extremely cautious when downloading anything (software, Be extremely cautious when downloading anything (software, books, music, videos, etc.) from the Web. This is a good idea books, music, videos, etc.) from the Web. This is a good idea for privacy advocates, but it's also a great way to keep your for privacy advocates, but it's also a great way to keep your computer from freezing up and malfunctioning. Be very computer from freezing up and malfunctioning. Be very cautious when choosing what to download from the Web; some cautious when choosing what to download from the Web; some programs include adware that will report your surfing habits programs include adware that will report your surfing habits back to a third-party company that will then use that back to a third-party company that will then use that information to send you ads and unwanted emails, otherwise information to send you ads and unwanted emails, otherwise known as spam. known as spam.

23rd April 2015

Privacy on the WebPrivacy on the Web5. Use Common Sense 5. Use Common Sense This is pretty self-explanatory: don't go to places on the Web This is pretty self-explanatory: don't go to places on the Web that you would be embarrassed to have your wife, husband, that you would be embarrassed to have your wife, husband, children, or employer see. This is a very low-tech way to protect children, or employer see. This is a very low-tech way to protect your Web privacy, and yet, out of all the methods on this list, your Web privacy, and yet, out of all the methods on this list, might be the one that is most effective. might be the one that is most effective.

6. Guard Your Private Information 6. Guard Your Private Information Before sharing anything online - on a blog, website, message Before sharing anything online - on a blog, website, message board, or social networking site - be sure it's not something you board, or social networking site - be sure it's not something you would mind sharing in real life, off the Web. Don't share would mind sharing in real life, off the Web. Don't share information that could identify you in public, especially if you are a information that could identify you in public, especially if you are a minor. Keep identifying details, like user names, passwords, first minor. Keep identifying details, like user names, passwords, first and last names, addresses, and phone numbers, to yourself. Your and last names, addresses, and phone numbers, to yourself. Your email address should be kept as private as possible, because an email address should be kept as private as possible, because an email address can be used to track other identifying information.email address can be used to track other identifying information.. . 23rd April 2015

Privacy on the WebPrivacy on the Web7. Use Caution When Using Social Media 7. Use Caution When Using Social Media Social networking sites such as Facebook are extremely Social networking sites such as Facebook are extremely popular, and for good reason: they make it possible for popular, and for good reason: they make it possible for people to connect with each other all over the world. It's people to connect with each other all over the world. It's important to make sure that your privacy settings are set important to make sure that your privacy settings are set appropriately and that what you share on social appropriately and that what you share on social networking sites would not reveal anything of a personal networking sites would not reveal anything of a personal or financial nature. or financial nature.

8. Watch Out For Scams 8. Watch Out For Scams Think carefully before following links, opening files, or Think carefully before following links, opening files, or watching videos sent to you by friends or organizations. watching videos sent to you by friends or organizations. Watch for signs that these might not be for real: these Watch for signs that these might not be for real: these include misspellings, lack of secure encryption (no HTTPS include misspellings, lack of secure encryption (no HTTPS in the URL), and improper grammar. in the URL), and improper grammar. 23rd April 2015

Privacy on the WebPrivacy on the Web9. Protect Your System 9. Protect Your System Keeping your computer safe from harmful content on Keeping your computer safe from harmful content on the Web is simple with a few precautions, such as a the Web is simple with a few precautions, such as a firewall, appropriate updates to your existing software firewall, appropriate updates to your existing software programs (this ensures that all security protocols are programs (this ensures that all security protocols are kept up to date), and antivirus programs. kept up to date), and antivirus programs.

10. Monitor Your Online Reputation 10. Monitor Your Online Reputation Have you ever Googled yourself? You might be Have you ever Googled yourself? You might be surprised (or shocked!) to see what is out there on the surprised (or shocked!) to see what is out there on the Web. You can control much of what is out there on the Web. You can control much of what is out there on the Web with the precautions laid out here, as well as Web with the precautions laid out here, as well as keeping track of what is found about you in at least three keeping track of what is found about you in at least three different search engines on a regular basis.different search engines on a regular basis.

23rd April 2015

Guideline - Data Protection Act 2004

23rd April 2015

Vol. 6 - Privacy Impact Vol. 6 - Privacy Impact AssessmentAssessment

Guideline - Data Protection Act 2004

23rd April 2015

Vol. 7 - Guidelines on Vol. 7 - Guidelines on Privacy Enhancing Privacy Enhancing TechnologiesTechnologies

ConclusionConclusion

I commend all organisations to employ privacy I commend all organisations to employ privacy assessments for significant new initiatives involving assessments for significant new initiatives involving the handling of personal information. Achieving and the handling of personal information. Achieving and maintaining public trust in electronic service is a key maintaining public trust in electronic service is a key challenge for e-government and e-commerce. Failure challenge for e-government and e-commerce. Failure to give informed consideration to privacy issues when to give informed consideration to privacy issues when embarking on new projects could be an expensive embarking on new projects could be an expensive mistake. mistake.

  

A Privacy Assessment report will fill a gap in the A Privacy Assessment report will fill a gap in the knowledge of decision makers and enable them fully knowledge of decision makers and enable them fully to get to grips with the issues at the right time - to get to grips with the issues at the right time - before decisions are taken.before decisions are taken.

23rd April 2015

"Thank you for your kind attentionThank you for your kind attention"