Information Privacy Law

Information Privacy Law

Information privacy laws cover the protection of information on private individuals from misuse or intentional or unintentional disclosure. Over 80 countries and independent territories have now adopted comprehensive laws including nearly every country in Europe and many in Latin America and the Caribbean, Asia and Africa. Map The US is notable for not having adopted a comprehensive law on data protection but rather having adopted limited sectoral laws in some areas.

These laws are based on Fair Information Practices, first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). The basic principles of data protection are:

• For all data collected there should be a stated purpose
• Information collected by an individual cannot be disclosed to other organizations or individuals unless authorized by law or by consent of the individual
• Records kept on an individual should be accurate and up to date
• There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting
• Data should be deleted when it is no longer needed for the stated purpose
• Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited
• Some data is too sensitive to be collected, unless there are extreme circumstances (e.g., sexual orientation, religion)