Fairness, Lawfulness & Purpose Limitation
This standard requires that personal data must be processed fairly and lawfully and not obtained by deception.
What is Fairness & Lawfulness -1st Standard?
This standard limits the collection of data to only what is adequate, relevant, and not excessive
What is Data Minimisation – 3rd Standard?
Fill in the Blank: Data should not be kept longer than is _______ for the purpose it was collected.
What is necessary?
These are two rights that every data subject has under the Jamaica DPA
What are:
Right to access/ be informed
Right to rectification/correction
Right not to be subjected to automated decision-making
Right to data portability
Right to restrict processing/object
Right to erasure
These are the lawful bases for processing personal data.
What is Consent, Contract, Legal obligation, Vital interests, Public Task, Legitimate interest?
True or False: Once personal data is collected, it can be used for any purpose that benefits the organisation.
What is False — violates Purpose Limitation?
A form asks for your spouse’s employer even though it’s unnecessary for the service. Name the standard this violates.
What is Data Minimisation– 3rd Standard?
This must be done with personal data once it’s no longer required.
What is secure disposal or destruction?
This right allows you to request correction of inaccurate or incomplete personal data.
What is the Right to Rectification/Correction?
Through this method, bad actors impersonate victims to scam their contacts after taking over the victims' WhatsApp.
What is Account Hijacking?
A supermarket collects personal data for billing then later uses it for direct marketing without consent. Name the standard that was breached.
What is Purpose Limitation —2nd Standard?
This standard requires that personal data be kept up to date and corrected when inaccurate.
What is Accuracy- 4th Standard?
This standard requires organisations to take appropriate steps to protect personal data through some measures.
What are Technical & Organisational Measures– 7th Standard?
The Cross-Border Transfer standard regulates this
What is the transfer of personal data outside Jamaica (only to countries with adequate protection)?
This person or persons is primarily responsible for data protection in an organisation.
Who are everyone?
Name the section of the Act that outlines the lawful bases under which personal data can be processed
What is Section 23 — Lawful Bases for Processing?
A data controller must do what if a data subject notifies them that their information is incorrect.
What is rectification- take reasonable steps to update/correct it?
These are two examples of technical or organisational measures that help safeguard data.
What is encryption, access control, staff training, breach management procedures, data protection policies etc?
This is one lawful reason why data may be transferred abroad even if the foreign country lacks adequate protection.
What is Consent, Contractual necessity, Legal obligation, Vital interests, or Public interest?
This happens if an organisation processes data without a lawful basis.
What is a breach or contravention of the DPA?
A controller should do what if they want to use personal data for a new purpose not originally specified.
What is to obtain new consent?
True or False: A controller can still comply with the Accuracy standard even if errors exist, provided reasonable efforts were made.
What is True?
If a data processor handles data on behalf of a controller, their contract must ensure this under the Act.
What are the obligations of a data processor: written contract, breach reporting, and equivalent security?
This list is among some things to be considered for cross boarder transfers:
Nature of the data
Laws in that country
Safeguards
Purpose
International obligations.
What is 'adequate level of protection'?