Privacy Compliance Assessment in Mauritius
Compliance with the Data Protection Act can be a cumbersome process for many. Some might even ignore it as very few people ever question about privacy in Mauritius. Nonetheless, the law remains the law. To help in making privacy simpler to understand and comply with, several months ago, Nadim Bundhoo, Nirvan Pagooah, Ajay Ramjatan, S. Moonesamy and I collaborated on a project, which we called the "Privacy Compliance Assessment" webapp.
The Privacy Compliance Assessment web application can be accessed at http://www.elandsys.com/~sm/privacy-mu.
A data controller needs to make sure that procedures of collection, processing and storage of data as set are compliant with the Data Protection Act 2004 of Mauritius.
The Data Protection Commissioner accepted our invitation to introduce the webapp and do a presentation during the Developers Conference 2015. The slides which the Commissioner used for her presentation are at http://dataprotection.govmu.org.
How does the webapp work?
The application runs on the client side, that is your web browser. The assessment takes you through a series of questions that can be answered with a Yes/No toggle button. At the end of the assessment, you're told whether your organization is compliant with the Data Protection Act 2004. Information that you provide are not sent back to the server. You may run the assessment as many times as you require.
The web application is released under the GNU General Public License (GPL) version 2. You may use the app, modify it and redistribute it as allowed under GNU GPLv2.
We aim to present "privacy" in a simple way and make "privacy compliance" a bit of a fun thing to achieve :)
On 15 May 2014, I highlighted a major privacy breach on the mnic.mu website where personal data collected through Google Forms were exposed on the Internet.
On 1 June 2014, I reported a data leak on the Tourism Authority's website that affected over 9,000 people.
On 7 July 2014, I presented security flaws on the government web portal that could lead to data leakage.
On 5 October 2014, I wrote about my concerns over the use of Face recognition CCTV cameras in urban areas of Mauritius.
On 3 October 2014, S. Moonesamy reported privacy concerns with konetou advertising.
On 23 September 2015, I wrote to the Ministry of Technology, Communication and Innovation, highlighting my concerns as to the collection of telephony log data through the "login captcha" on the government web portal.