Information officer

Last updated

Information officer is the title of the role defined in South Africa's Protection of Personal Information Act (POPIA) to the person responsible for encouraging responsible persons to comply with the principles and conditions for the lawful processing of personal information and assisting data subjects make requests and lodge complaints. The title information officer [1] is synonymous with that of data protection officer [2] established in the General Data Protection Regulation (GDPR). The data protection officer is not the same as that of chief privacy officer in the United States.

The term information officer is not a standard term in EU and USA as it might be confused with chief information officer role.

An information officer’s responsibilities (similar to those of a data protection officer) include:

  1. The encouragement of compliance, by a public or private body, with the principles and conditions for the lawful processing of personal information.
  2. Dealing with requests made to the body by a data subject.
  3. Working with the relevant regulator or supervisory authority.

Related Research Articles

Freedom of information laws allow access by the general public to data held by national governments and, where applicable, by state and local governments. The emergence of freedom of information legislation was a response to increasing dissatisfaction with the secrecy surrounding government policy development and decision making. In recent years Access to Information Act has also been used. They establish a "right-to-know" legal process by which requests may be made for government-held information, to be received freely or at minimal cost, barring standard exceptions. Also variously referred to as open records, or sunshine laws, governments are typically bound by a duty to publish and promote openness. In many countries there are constitutional guarantees for the right of access to information, but these are usually unused if specific support legislation does not exist. Additionally, the United Nations Sustainable Development Goal 16 has a target to ensure public access to information and the protection of fundamental freedoms as a means to ensure accountable, inclusive and just institutions.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

Data Protection Directive European Union directive which regulates the processing of personal data

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive is an important component of EU privacy and human rights law.

Data Protection Act 1998 United Kingdom legislation

The Data Protection Act 1998 was a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. It enacted the EU Data Protection Directive 1995's provisions on the protection, processing and movement of data.

Information Commissioners Office Non-departmental public body

The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland.

Freedom of Information Act 2000 United Kingdom legislation

The Freedom of Information Act 2000 is an Act of the Parliament of the United Kingdom that creates a public "right of access" to information held by public authorities. It is the implementation of freedom of information legislation in the United Kingdom on a national level. Its application is limited in Scotland to UK Government offices geo-located in Scotland. The Act implements a manifesto commitment of the Labour Party in the 1997 general election, developed by David Clark as a 1997 White Paper. The final version of the Act is believed to have been diluted from that proposed while Labour was in opposition. The full provisions of the act came into force on 1 January 2005.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

Personal data, also known as personal information or personally identifiable information (PII) is any information related to an identifiable person.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

Copyright law of Ireland is applicable to most typical copyright situations. Protection expires 70 years after the death of the author/creator. Irish law includes a provision for "fair dealing," similar to that used by other countries. In 2012, a copyright law was proposed that Wired compared to SOPA and suggested could pass without parliamentary vote.

Privacy law is the to body of law that deals with the regulation, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.

European Data Protection Supervisor

The European Data Protection Supervisor (EDPS) is an independent supervisory authority whose primary objective is to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.

General Data Protection Regulation European regulation on personal data

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects' citizenship or residence—that is processing the personal information of individuals inside the EEA.

The right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The concept has been discussed and put into practice in both the European Union (EU) and in Argentina since 2006. The issue has arisen from desires of individuals to "determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past."

Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) is a decision by the Court of Justice of the European Union (CJEU). It held that an Internet search engine operator is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.

Data Protection Act, 2012

The Data Protection Act, 2012 is legislation enacted by the Parliament of the Republic of Ghana to protect the privacy and personal data of individuals. It regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Non compliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction. The Act also establishes a Data Protection Commission, which is mandated to ensure compliance with its provisions, as well as maintain the Data Protection Register.

The Ley Federal de Protección de Datos Personales en Posesión de los Particulares, is a law of Mexico, approved by the Mexican Congress on April 27, 2010. The law aims to regulate the right to informational self-determination. The law was published on July 5, 2010 in the Official Gazette and entered into force on July 6, 2010. Its provisions apply to all natural or legal persons who carry out the processing of personal data in the applicable exercise of their activities. Companies such as banks, insurance companies, hospitals, schools, telecommunications companies, religious organizations, and professionals such as lawyers, doctors, and others, are required to comply with the provisions of this law.

In the United Kingdom, the National Pupil Database (NPD) is controlled by the Department for Education, based on multiple data collections from individuals age 2-21 in state funded education and Higher Education in England. Data are matched using pupil names, dates of birth and other personal and school characteristics, including special educational needs, disability, and indicators for free school meals, a child in care, and families in the armed forces. Personal details are linked to pupils' attainment and exam results over a lifetime school attendance.

The Campus Privacy Officer (CPO) is a position within a post-secondary university that ensures that student, faculty, and parent privacy is maintained. The CPO role was created because of growing privacy concerns across college campuses. The responsibilities of the CPO vary depending on the specific needs of the campus community. Their daily tasks may include drafting new privacy policies for their respective college campus, creating a curriculum that informs teachers and students about privacy, helping to investigate any privacy breaches within the university, and ensuring that the university is abiding by current state and federal privacy laws. CPOs are also responsible for connecting with student and faculty groups across the entire campus in order to understand the privacy concerns of the campus. The role of CPO is an expanding profession within the United States and other countries, such as Canada and South Africa. There are numerous organizations that exist to provide training for CPOs and support them.

References

  1. "Protection of Personal Information Act, 2013" (PDF). Government Printers, 2013, No. 37067. Retrieved 26 November 2013.
  2. "Guidelines on Data Protection Officers" (PDF). Retrieved 23 January 2017.