Data Theft rules and regulations: Things you should know (Pt.1)

Data Theft rules and regulations: Things you should

know (Pt.1)

Website : www.faidepro.comAddress : 417- Accurate Square, Tagore Road,

Rajkot, India - 360002E- Mail : [email protected] No : +919510395794

Issues Faced : ❏ The most serious problem with data theft is its

international nature; for example, systems may be accessed in the United States, data exploited in China, and the effects felt in India.

❏ Different sovereignties, jurisdictions, laws, and rules will come into play as a result of this capacity, which is a problem in and of itself.

❏ Furthermore, gathering evidence in such circumstances becomes a problem because conducting an investigation in three different countries, all of which do not speak the same language, is nearly impossible, and our cops’ lack of technological know-how adds to the problems. https://faidepro.com/dataandit.php

❏ Another issue is a lack of cooperation between various investigating agencies and a shaky extradition process.

❏ The most critical of all of these problems is the lack of clear legislation in the country dealing with this crime, which means that even though the perpetrator is apprehended, he can easily get away by using some of our legal loopholes.

❏ Data and IT services provide better protection against data theft.

❏ We’ve compiled a list of ten data protection laws from around the world that businesses should be aware of. The IT Security Standards provide a complete guideline in this field.

Issues Faced :

https://faidepro.com/dataandit.php

1. General Data Protection Regulation (GDPR) (EU)

❏ The General Data Protection Regulation (GDPR) of the European Union went into effect on May 25, 2018, and it has had a far-reaching ripple effect, putting data protection into the public eye and onto legislative agendas all over the world.

❏ GDPR is the most dramatic reform in the data privacy policy in the last 20 years, offering unparalleled levels of security and individual empowerment.

❏ The European Union’s current data protection policy imposes new requirements on businesses and organisations to ensure the privacy and protection of personal data, grants data subjects’ certain privileges, and empowers regulators to demand transparency demonstrations or even levy fines in cases of non-compliance.https://faidepro.medium.com/what-is-gdpr-3ff0034ff454

❏ The GDPR 's main principles include legal, equitable, and straightforward processing, clear and explicit consent, mandatory violation notification, the right to access, the right to be forgotten, and privacy by design and default.

❏ The regulation has extraterritorial application, which means it extends to all entities that collect and process personal data of EU citizens, regardless of their location.

1. General Data Protection Regulation (GDPR) (EU)

https://faidepro.medium.com/what-is-gdpr-3ff0034ff454

https://faidepro.com/dataandit.php

2. The Personal Information Security and Electronic Records Act (PIPEDA) (Canada)

❏ The Personal Information Security and Electronic Documents Act (PIPEDA), Canada’s federal data protection statute, was passed in 2000. The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how companies obtain, use, and report personal and confidential data in the private sector, among other things.

❏ The legislation is divided into ten fundamental values that must be followed by companies.

https://faidepro.com/dataandit.php

2. The Personal Information Security and Electronic Records Act (PIPEDA) (Canada)

❏ The Government of Canada released the Data Privacy Act, an update to PIPEDA, on November 1st, 2018, in order to harmonise Canadian standards with those of the EU’s GDPR. This Act modifies PIPEDA by adding additional regulations such as consent provisions, data breach alerts, and a broader scope of implementation.

❏ The Government of Canada announced a 10-principle Digital Charter and a Discussion Paper detailing plans to modernise PIPEDA on May 22, 2019.

https://faidepro.com/dataandit.php

3. The California Consumer Privacy Act (CCPA) (California)

❏ The California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020, was enacted in response to the increasing importance of personal data in modern business practices, as well as the personal privacy consequences of data collection, usage, and security.

❏ The Golden State’s new data privacy legislation, which was signed into law on June 28, 2018, provides users access to and control over personal information collected online, and it requires businesses doing business in California to make structural improvements to their privacy systems.https://faidepro.com/dataandit.php

3. The California Consumer Privacy Act (CCPA) (California)

❏ Given California’s status as the world’s fifth-largest economy, the CCPA is expected to have a global effect, similar to the GDPR.

❏ An expanded definition of personal information, new data privacy protections for California residents, a new statutory damages system, and new rules when children’s personal data is used are all main components of the CCPA.

❏ The right to know what data is being collected about them and how it is being used, as well as the right to have their data erased, are among the many parallels between California’s new privacy law and its European equivalent, the GDPR.

❏ However, there are major differences between the two laws, especially in terms of the extent of implementation and rules concerning acquiescence.

https://faidepro.com/dataandit.php

4. The Act on Personal Information Protection (APPI) (Japan)

❏ The Act on Personal Information Protection in Japan (APPI) was passed in 2003 and went into effect in 2005. It was substantially revised ten years later, in 2015; the changes went into force on May 30, 2017, one year ahead of the EU’s GDPR.

❏ The APPI safeguards individuals’ personal data in Japan by developing laws for governments and some business operators to obey in order to secure an individual’s rights when it comes to collecting and managing personal data. Whether or not cross-border data transfers occur, entities operating in Japan must comply with APPI.https://faidepro.com/dataandit.php

4. The Act on Personal Information Protection (APPI) (Japan)

❏ In some ways, the APPI differs from the GDPR; the GDPR offers more rights to data subjects and imposes tighter rules on organisations that handle personal data than the APPI.

❏ Following the GDPR, Japan became the first country to receive an adequacy decision from the European Commission (EC), ensuring a seamless flow of data between the EU and Japan as well as facilitating increased data transfers.

https://faidepro.com/dataandit.php

5. Lei Geral de Proteço de Dados (LGPD) (Brazil)

❏ Brazil adopted the General Data Protection Law (“Lei Geral de Proteço de Dados” or “LGPD”) on August 14, 2018, which will take effect on August 15, 2020. The new data protection system, which is largely influenced by the GDPR, sets guidelines for the online and offline collection of personal data in both the public and private sectors, regardless of the position of the data processor.

❏ The law seeks to replace and complement current legal codes, with one of the goals being to bring Brazil’s data care in line with European standards.

https://faidepro.com/dataandit.php

5. Lei Geral de Proteço de Dados (LGPD) (Brazil)

❏ Data subjects’ rights (e.g., the right to request access to their data as well as the right to be forgotten), the need for data protection officers, data protection impact evaluations, and data breach alerts are all key parallels between the LGPD and GDPR.

❏ However, the LGPD goes beyond and beyond European regulation in many ways, such as legal bases and mandatory violation notices.

https://faidepro.com/dataandit.php

6. Personal Data Protection Act (PDPA) (Singapore)

❏ In Singapore, personal data is covered by the Personal Data Protection Act (PDPA), which was passed in 2012 and went into effect in 2014. The PDPA is a data security system that governs the collection, use, disclosure, and storage of personal data for all private sector organisations.

❏ It respects both individuals’ rights to personal data privacy and organisations’ needs to obtain, use, and reveal personal data for legitimate and fair purposes.

❏ The PDPA, like the GDPR, has extraterritorial application and refers to anyone who does not have a physical presence in Singapore.

https://faidepro.com/dataandit.php

7. Personal Data Protection Act (PDPA) (Thailand)❏ The Personal Data Protection Act (PDPA), Thailand’s first unified

law regulating data protection in the country, was published on May 27, 2019. By May 27, 2020, organisations gathering and processing personal data must be consistent with the PDPA.

❏ Thailand’s government has generally taken principles from the GDPR, with a few tweaks to suit the country’s needs. It did so on purpose to prove that Thailand has an “adequate” standard of data security in contrast to the EU.

❏ The PDPA contains a new concept of personal information, special categories of confidential data, consent provisions for minors, data subjects’ privileges, extraterritoriality, and limits on personal data transfers to third countries, among other items.

https://faidepro.com/dataandit.php

7. Personal Data Protection Act (PDPA) (Thailand)❏ The PDPA contains a new concept of personal

information, special categories of confidential data, consent provisions for minors, data subjects’ privileges, extraterritoriality, and limits on personal data transfers to third countries, among other items.

- To be continued in Pt.2

https://faidepro.com/dataandit.php

Website: https://faidepro.comBlog: http://blogs.faidepro.com/

LinkedIn: https://in.linkedin.com/company/faideproTwitter: https://twitter.com/faidepro

Instagram: https://www.instagram.com/faidepro/Facebook : https://www.facebook.com/Faidepro-103150408248729

Source: https://faidepro.medium.com/

FaidePro