Personal Data
Protection
for your Church
Benjamin Ang
www.visual-lawschool.com
What is Personal Data?
• Data about an individual who
can be identified
• from that data;
• or from that data and other
information to which the
organisation has or is likely to
have access.
• Examples
• Name
• NRIC
• Telephone number
• Photograph
• Address
• E-mail
• Social media ID
• Medical history
• Criminal record
Who is NOT covered by PDPA?
• Any individual acting in a
personal or domestic
basis.
• Any employee acting in
the course of his or her
employment
• Any public agency
• Business contact
information
• name,
• position name or title,
• business telephone
• business address,
• business e-mail address.
1. Consent Obligation
Hi, new visitor. We are COLLECTING your
Personal Data, and we are going to USE it to invite
you to Church events. We may DISCLOSE it to
Church staff. Do you consent?
OK but what if I
change my mind?
You can
WITHDRAW at
any time
• An organisation may collect, use or disclose personal
data about an individual for the purposes that a
reasonable person would consider appropriate in the
circumstances and for which the individual has given
consent.
• An organisation may not, as a condition of providing a
product or service, require the individual to consent to
the collection, use or disclosure of his or her personal
data beyond what is reasonable to provide that product
or service.
2. Purpose Limitation Obligation
Please give us your NAME,
PHONE NUMBER, and
ADDRESS
Sure
Also give us your
BLOOD TYPE.
Or else you can’t
come back
• An organisation may collect, use or disclose personal
data about an individual for the purposes that a
reasonable person would consider appropriate in the
circumstances and for which the individual has given
consent.
• An organisation may not, as a condition of providing a
product or service, require the individual to consent to
the collection, use or disclosure of his or her personal
data beyond what is reasonable to provide that product
or service.
3. Notification Obligation
Hi we want to
invite you to our
Church Musical!
We want to invite
your kids to
attend Bible
Camp!
Notify individuals of the purposes for which your
organisation is intending to collect, use or disclose their
personal data on or before such collection, use or
disclosure of personal data.
4. Access and Correction Obligation
5. Accuracy Obligation
Hi, please let me know who
you’ve given my personal data
to. Please also correct the typo
in my name.
• Upon request, the personal data of an individual and
information about the ways in which his or her personal
data has been or may have been used or disclosed within
a year before the request should be provided.
• However, organisations are prohibited from providing
an individual access under certain risky situations listed
in the Act
• Organisations are also required to correct any error or
omission in an individual’s personal data upon his or her
request.
Make reasonable effort to ensure that personal data
collected by or on behalf of your organisation is accurate
and complete, if it is likely to be used to make a decision
that affects the individual, or if it is likely to be disclosed to
another organisation.
6. Protection Obligation
Can I copy the names and
phone numbers of all of our
members onto my
thumbdrive, so I can call
them any time for soccer?
Sorry, no.
Wow, did you know that
XYZ lives in a huge
mansion?
Make reasonable security arrangements to protect the
personal data that your organisation possesses or controls
to prevent unauthorised access, collection, use, disclosure
or similar risks.
7. Retention Limitation Obligation
Hi, I’ve moved to the other
side of the country and I will
be going to church there.
Please remove my data.
Okay
Cease retention of personal data or remove the means by
which the personal data can be associated with particular
individuals when it is no longer necessary for any business
or legal purpose.
8. Transfer Limitation Obligation
Don’t worry, if you transfer the
personal data to us, we have the
same policies and safety
arrangements as you
Transfer personal data to another country only according
to the requirements prescribed under the regulations, to
ensure that the standard of protection provided to the
personal data so transferred will be comparable to the
protection under the PDPA, unless exempted by the
PDPC.
9. Openness Obligation
What are your data protection
policies?
What if I need to make a
complaint?
Ask me, I am the
DATA
PROTECTION
OFFICER
• Make information about your data protection policies,
practices and complaints process available on request.
• Designate one or more individuals as a Data Protection
Officer to ensure that your organisation complies with
the PDPA, including the implementation of personal
data protection policies within your organisation.
• The business contact information of at least one of
such individuals should also be made available to the
public. Please note that compliance with the PDPA
remains the responsibility of the organisation.
Existing Data
I gave you my personal data in
1995 when I joined the
Church
We are now going to
use it for a new
purpose …
• Your organisation may continue to use personal data
that has been collected before the data protection
provisions of the PDPA came into effect on 2 July 2014
for the purposes for which the personal data was
collected, unless the individual has withdrawn consent.
If there is a different purpose for the use of the
personal data, consent has to be obtained anew.
How the Church can
Manage Personal Data
Step 1 - Appoint a Data Protection
Officer
DPO
• Handle queries/complaints
• Tell others about the policies
• Make good policies
• Designate at least one person to develop your organisation’s personal data
policies and oversee your organisation's compliance with the PDPA. This
person may be an existing employee in your organisation, and his or her role
may include the following:
• Developing good policies for handling personal data in electronic and/or
manual form, that suit your organisation’s needs and comply with the PDPA;
• Communicating the internal personal data protection policies and processes to
customers, members and employees;
• Handling queries or complaints about personal data from customers, members
and employees;
• Alerting your organisation to any risks that might arise with personal data; and
• Liaising with the PDPC, if necessary.
Step 2 - Map out a Data Inventory
• WHAT did we collect?
• HOW did we collect it? (Did we get consent)
• WHAT are we using it for?
• WHO did we share it with?
• WHO has access to it?
• WHERE are we storing it?
• HOW LONG are we storing it?
Step 3 - Implement Data Protection
Processes
Do our actions match the PDPA?
• Collection, Use and Disclosure
• Access and Correction
• Care for Data
Must the Church check the
Do Not Call Registry?
Messages that are
covered
• Offers to supply or
promote goods or services
• Advertising/promoting
suppliers
• Promoting business or
investment opportunities
Messages that are NOT
covered
• pure market survey or
research
• charitable or religious
causes
Does DNC Apply?
Do you want to buy
tickets to our Church
Musical?
Do your kids
want to attend
Bible Camp?
Can I share the Good
News of Jesus Christ
with you?
• Invitation to attend Bible camp = charitable or religious
causes = not covered by DNC
• Sharing the gospel = charitable or religious causes = not
covered by DNC
• Selling tickets to a musical = Offers to supply or
promote goods or services = covered by DNC
Special cases:
Photographs (e.g. Church events)
I’m taking
personal photos
I’m taking
official photos
We’re at the
wedding
We’re at the
open field
• Example: Deemed consent for photo-taking at private function
• Organisation ABC holds a private function for a select group of
invited clients and wishes to take photographs of attendees for its
internal newsletter. If Organisation ABC intends to rely on deemed
consent, measures that Organisation ABC may take to better ensure
that the attendees are aware of (and accordingly, more likely to be
deemed to have consented to) the purpose for which their
photographs are collected, used and disclosed, could include:
• a) Clearly stating in its invitation to clients that photographs of
attendees will be taken at the function for publication in its internal
newsletter; or
• b) Putting up an obvious notice at the reception or entrance of the
function venue to inform attendees that photographs will be taken
at the event for publication in its internal newsletter.
Special cases:
Photographs (e.g. Church events)
• Good practices to get consent
• State in your invitation that photos will be taken
• Put an obvious notice at the event
• Posing for photo = implied consent
I’m taking
official photos
I love posing.
Can I take a
selfie?
• Example: Posing for photo-taking
• Kevin attends Organisation ABC’s private function.
During the function, Organisation ABC’s photographer
informs Kevin that she is taking photographs for
publication in Organisation ABC’s internal newsletter,
and asks Kevin to pose for his photograph to be taken.
By voluntarily posing for his photograph to be taken,
Kevin would be deemed to have given consent
for the photograph to be collected, used or disclosed for
the stated purpose.
Special cases:
Minors (e.g. Sunday School, Youth)
• The PDPA does not specify
• Commission will adopt the practical rule of thumb that
a minor who is at least 13 years can consent on his
own behalf
• As a general guide, for <13 obtain consent from parent
or guardian
• Even for >13, do not apply undue influence on a minor
You must give us your
particulars, otherwise we
won’t be your friends
Appoint a Data Protection Officer
and work together
DPO
• Handle queries/complaints
• Tell others about the policies
• Make good policies

Personal Data Protection for your Church

  • 1. Personal Data Protection for your Church Benjamin Ang www.visual-lawschool.com
  • 2. What is Personal Data? • Data about an individual who can be identified • from that data; • or from that data and other information to which the organisation has or is likely to have access. • Examples • Name • NRIC • Telephone number • Photograph • Address • E-mail • Social media ID • Medical history • Criminal record
  • 3. Who is NOT covered by PDPA? • Any individual acting in a personal or domestic basis. • Any employee acting in the course of his or her employment • Any public agency • Business contact information • name, • position name or title, • business telephone • business address, • business e-mail address .
  • 4. 1. Consent Obligation Hi, new visitor. We are COLLECTING your Personal Data, and we are going to USE it to invite you to Church events. We may DISCLOSE it to Church staff. Do you consent? OK but what if I change my mind? You can WITHDRAW at any time
  • 5. • An organisation may collect, use or disclose personal data about an individual for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent. • An organisation may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide that product or service.
  • 6. 2. Purpose Limitation Obligation Please give us your NAME, PHONE NUMBER, and ADDRESS Sure Also give us your BLOOD TYPE. Or else you can’t come back
  • 7. • An organisation may collect, use or disclose personal data about an individual for the purposes that a reasonable person would consider appropriate in the circumstances and for which the individual has given consent. • An organisation may not, as a condition of providing a product or service, require the individual to consent to the collection, use or disclosure of his or her personal data beyond what is reasonable to provide that product or service.
  • 8. 3. Notification Obligation Hi we want to invite you to our Church Musical! We want to invite your kids to attend Bible Camp!
  • 9. Notify individuals of the purposes for which your organisation is intending to collect, use or disclose their personal data on or before such collection, use or disclosure of personal data.
  • 10. 4. Access and Correction Obligation 5. Accuracy Obligation Hi, please let me know who you’ve given my personal data to. Please also correct the typo in my name.
  • 11. • Upon request, the personal data of an individual and information about the ways in which his or her personal data has been or may have been used or disclosed within a year before the request should be provided. • However, organisations are prohibited from providing an individual access under certain risky situations listed in the Act
  • 12. • Organisations are also required to correct any error or omission in an individual’s personal data upon his or her request. Make reasonable effort to ensure that personal data collected by or on behalf of your organisation is accurate and complete, if it is likely to be used to make a decision that affects the individual, or if it is likely to be disclosed to another organisation.
  • 13. 6. Protection Obligation Can I copy the names and phone numbers of all of our members onto my thumbdrive, so I can call them any time for soccer? Sorry, no. Wow, did you know that XYZ lives in a huge mansion?
  • 14. Make reasonable security arrangements to protect the personal data that your organisation possesses or controls to prevent unauthorised access, collection, use, disclosure or similar risks.
  • 15. 7. Retention Limitation Obligation Okay Hi, I’ve moved to the other side of the country and I will be going to church there. Please remove my data.
  • 16. Cease retention of personal data or remove the means by which the personal data can be associated with particular individuals when it is no longer necessary for any business or legal purpose.
  • 17. 8. Transfer Limitation Obligation Don’t worry, if you transfer the personal data to us, we have the same policies and safety arrangements as you
  • 18. Transfer personal data to another country only according to the requirements prescribed under the regulations, to ensure that the standard of protection provided to the personal data so transferred will be comparable to the protection under the PDPA, unless exempted by the PDPC.
  • 19. 9. Openness Obligation What are your data protection policies? What if I need to make a complaint? Ask me, I am the DATA PROTECTION OFFICER
  • 20. • Make information about your data protection policies, practices and complaints process available on request. • Designate one or more individuals as a Data Protection Officer to ensure that your organisation complies with the PDPA, including the implementation of personal data protection policies within your organisation. • The business contact information of at least one of such individuals should also be made available to the public. Please note that compliance with the PDPA remains the responsibility of the organisation.
  • 21. Existing Data: “I gave you my personal data in 1995 when I joined the Church.” “We are now going to use it for a new purpose …”
  • 22. • Your organisation may continue to use personal data that has been collected before the data protection provisions of the PDPA came into effect on 2 July 2014 for the purposes for which the personal data was collected, unless the individual has withdrawn consent. If there is a different purpose for the use of the personal data, consent has to be obtained anew.
  • 23. How the Church can Manage Personal Data
  • 24. Step 1 - Appoint a Data Protection Officer • DPO: Handle queries/complaints • Tell others about the policies • Make good policies
  • 25. • Designate at least one person to develop your organisation’s personal data policies and oversee your organisation's compliance with the PDPA. This person may be an existing employee in your organisation, and his or her role may include the following: • Developing good policies for handling personal data in electronic and/or manual form, that suit your organisation’s needs and comply with the PDPA; • Communicating the internal personal data protection policies and processes to customers, members and employees; • Handling queries or complaints about personal data from customers, members and employees; • Alerting your organisation to any risks that might arise with personal data; and • Liaising with the PDPC, if necessary.
  • 26. Step 2 - Map out a Data Inventory • WHAT did we collect? • HOW did we collect it? (Did we get consent) • WHAT are we using it for? • WHO did we share it with? • WHO has access to it? • WHERE are we storing it? • HOW LONG are we storing it?
  • 27. Step 3 - Implement Data Protection Processes: Do our actions match the PDPA? • Collection, Use and Disclosure • Access and Correction • Care for Data
  • 28. Must the Church check the Do Not Call Registry? Messages that are covered: • Offers to supply or promote goods or services • Advertising/promoting suppliers • Promoting business or investment opportunities. Messages that are NOT covered: • Pure market survey or research • Charitable or religious causes
  • 29. Does DNC Apply? Do you want to buy tickets to our Church Musical? Do your kids want to attend Bible Camp? Can I share the Good News of Jesus Christ with you?
  • 30. • Invitation to attend Bible camp = charitable or religious causes = not covered by DNC • Sharing the gospel = charitable or religious causes = not covered by DNC • Selling tickets to a musical = Offers to supply or promote goods or services = covered by DNC
  • 31. Special cases: Photographs (e.g. Church events): “I’m taking personal photos.” “I’m taking official photos.” “We’re at the wedding.” “We’re at the open field.”
  • 32. • Example: Deemed consent for photo-taking at private function • Organisation ABC holds a private function for a select group of invited clients and wishes to take photographs of attendees for its internal newsletter. If Organisation ABC intends to rely on deemed consent, measures that Organisation ABC may take to better ensure that the attendees are aware of (and accordingly, more likely to be deemed to have consented to) the purpose for which their photographs are collected, used and disclosed, could include: • a) Clearly stating in its invitation to clients that photographs of attendees will be taken at the function for publication in its internal newsletter; or • b) Putting up an obvious notice at the reception or entrance of the function venue to inform attendees that photographs will be taken at the event for publication in its internal newsletter.
  • 33. Special cases: Photographs (e.g. Church events) • Good practices to get consent • State in your invitation that photos will be taken • Put an obvious notice at the event • Posing for photo = implied consent. “I’m taking official photos.” “I love posing. Can I take a selfie?”
  • 34. • Example: Posing for photo-taking • Kevin attends Organisation ABC’s private function. During the function, Organisation ABC’s photographer informs Kevin that she is taking photographs for publication in Organisation ABC’s internal newsletter, and asks Kevin to pose for his photograph to be taken. By voluntarily posing for his photograph to be taken, Kevin would be deemed to have given consent for the photograph to be collected, used or disclosed for the stated purpose.
  • 35. Special cases: Minors (e.g. Sunday School, Youth) • The PDPA does not specify • Commission will adopt the practical rule of thumb that a minor who is at least 13 years old can consent on his own behalf • As a general guide, for <13 obtain consent from parent or guardian • Even for >13, do not apply undue influence on a minor. “You must give us your particulars, otherwise we won’t be your friends.”
  • 36. Appoint a Data Protection Officer and work together • DPO: Handle queries/complaints • Tell others about the policies • Make good policies