DATA PROTECTION POLICY
The Data Protection Act, 2001 regulates the processing of personal data whether held electronically or in manual form. CSIRTMalta is set to fully comply with the Data Protection Principles as set out in the Act.
Purpose/s for collecting data
CSIRTMalta collects and processes information to analyse threats, and to assist its constituents with investigations related to computer security incidents. Such data may consist of:
Any file (with user-id included) stored in, transmitted from / to a host involved in an incident (as victim, relay or perpetrator)
Email addresses
User account name (for operating system, applications, centralised authentication services, etc)
Technical protocol data (IP address, MAC address) to which an individual may be associated
All data is collected and processed in accordance with the Data Protection Act 2001, the Official Secrets Act, and any other law/regulation to which CSIRTMalta may be subject.
Recipients of data
Employees of CSIRTMalta, who are assigned to carry out the its functions, access the information you give us. Personal Data may also be disclosed to third parties, who may also have access to your data as authorized by law. All data is collected and processed in accordance with the Data Protection Act, 2001.
Your rights:
You are entitled to know, free of charge, what information CSIRTMalta holds and processes about you and why; who has access to it; how it is kept up to date; what CSIRTMalta is doing to comply with its obligations under the Data Protection Act, 2001.
The Data Protection Act, 2001 sets down a formal procedure for dealing with data subject access requests, which CSIRTMalta follows.
All data subjects have the right to access any personal information kept about them by CSIRTMalta, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and addressed to the Data Controller of the Cabinet Office. Your identification details such as ID number, name and surname and address have to be submitted with the request. In case we encounter identification difficulties, you may be required to submit a photocopy of an identification document such as the Identity Card, driving license or passport, which document will be returned after identification is established.
CSIRTMalta aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable time, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the data subject making the request.
All data subjects have the right to request that their information be amended, erased or not used in the event the data is incorrect.