- Responsible party to ensure conditions for lawful processing
- Consent, Justification and Objection
- Collection directly from data subject
- Collection for specific purpose
- Retention and restriction of records
Condition 4: Further Processing Limitation
- Further processing to be compatible with purpose of collection
Condition 5: Information Quality
- Notification to data subject when collecting personal information
Condition 7 Security Safeguards
- Security measures on integrity and confidentiality of personal information
- Information processed by operator or person acting under authority
- Security measures regarding information processed by operator
- Notification of security compromises
Condition 8: Data Subject Participation
- Access to personal information
- Correction of personal information
Processing of special personal information
- Prohibition on processing special personal information
- General Authorisation concerning Special information
- Authorisation concerning data subject’s religious or philosophical beliefs
- Authorisation concerning data subject’s race or ethnic origin
- Authorisation concerning data subject’s trade union membership
- Authorisation concerning data subject’s political persuasion
- Authorisation concerning data subject’s health or sex life
- Authorisation concerning data subject’s criminal behaviour or biometric information
Processing of personal information of children
- Prohibition on processing personal information of children
- General authorisation concerning personal information of children
- Establishment of Information Regulator
- Appointment, term of office and removal of members of Regulator
- Powers, duties and functions of Chairperson and other members
- Regulator to have regard to certain matters
- Remuneration, allowances, benefits and privileges of members
- Staff
- Powers, duties and functions of chief executive officer
- Establishment of Enforcement Committee
- Funds
Processing subject to prior authorisation
Responsible party to notify Regulator if processing is subject to prior authorisation
Notification, availability and commencement of code of conduct
Procedure for dealing with complaints
Amendment and revocation of codes of conduct
Guidelines about codes of conduct
Register of approved codes of conduct
Interference with protection of personal information of data subject
Mode of complaints to Regulator
Action of Receipt of Complaint
Regulator may decide to take no action on complaint
Referral of complaint to regulatory body
Pre-investigation proceedings of Regulator
Investigation proceedings of Regulator
Requirements for issuing of warrant
Matters exempt from search and seizure
Communication between legal adviser and client exempt
Objection to search and seizure
Parties to be informed of result and assessment
Matters referred to Enforcement Committee
Functions of Enforcement Committee
Parties to be informed of developments during and result of investigation
Obstruction of execution of warrant
Failure to comply with enforcement or information notices
Unlawful acts by responsible parties in connection with account number
Unlawful acts by third parties in connection with account number