Controllers

Controllers are entities which, alone or jointly with others, determine the purposes and means of the processing of personal data. The Act imposes structural and other substantive obligations on controllers. In other words, the Act requires controllers to treat data in specific ways, and to structure access and control of that data in specific ways.

Note that the Act holds that a controller is responsible for all of the duties and responsibilities imposed on a controller even where a controller has deferred control of data to a third-party processor.

---

Disclaimer: The Attorney General’s Office (“AGO”) is providing this page as a rough guide to explore rights and obligations pursuant to the Act. In many instances, this website simplifies or rewords the provisions of the Act for comprehension and readability. The website is not intended to provide guidance as to how the AGO would enforce the Act. It is not the AGO’s intention to provide any information on this website that would conflict with the Act. The AGO offers this website as a tool for exploring the Act, but nothing on this site should be construed as legal advice for interpreting the Act or how the Act might be enforced.