Previous 38 / 73 Next
Normal view
Electronic

Communications

and Transactions

[ N o . 21 o f 2 0 0 9

257

42. (1) A data controller shall have the express written
permission of the data subject for the collection, collation, processing

Principles for
electronically

or disclosure of any personal information on that data subject unless

c o l l c c t i n

the data controller is permitted or r e q u i r e d to do so by law.

information

.

i

ii

•

-

i

•

i

i

i

(2)
A data controller shall not electronically request, collect,
collate, process or store personal information on a data subject
which is not necessary for the lawful purpose for which the personal
information is required.
(3) A data controller shall disclose, in writing, to the data subject
the specific purpose for which any personal information is being
requested, collected, collated, processed or stored.
(4) A data controller shall not use any personal information for
any other purpose than the disclosed purpose, without the express
written permission of the data subject, unless the data controller is
permitted or required to do so by law.
(5) A d a t a c o n t r o l l e r s h a l l , for as long as any p e r s o n a l
information is used and for a period of at least one year thereafter,
keep a record of the personal information and the specific purpose
for which the personal information w a s collected.
(6) A data controller shall not disclose any personal information
held by the data controller to a third party unless required or
permitted by law or specifically authorised to do so in writing by
the data subject.
( 7 ) A d a t a c o n t r o l l e r s h a l l , for as l o n g as t h e p e r s o n a l
information is used and for a period of at least one year thereafter,
keep a record of any third party to w h o m the personal information
was disclosed and of the date on which, and the purpose for which,
it w a s disclosed.
(8) Except as otherwise provided under this Act or any other
law, a data controller shall delete or destroy all personal information
under the section.
( 9 ) A data controller may use any personal information to
compile profiles for statistical purposes and may freely trade with
such profiles and statistical data, as long as the profiles or statistical
data cannot be linked to any specific data subject by a third party.

8

personal

Select target paragraph3

  • Uwazi is developed by uwazi

    in Kenya, Ecuador, Spain, Germany and USA.

  •  
  • ICT Policy Africa
  •  
  • Library
  • Login