Because of the all-pervading nature of information and communications technology as well as the ease with with data can be accessed and transferred, some countries have introduced legislation to protect the privacy of individuals and organisations.
The purpose of data protection legislation is to specify how data may be obtained, stored and used. This type of legislation can be very technical and complex. Some of the key points of the Data Protection Act of 1998 of the United Kingdom are set out below as an illustration of the issues covered.
- The provisions of the act refer to data in whatever way it is stored, whether electronic or paper.
- Personal data should be obtained in a fair and lawful way.
- Data should be processed in accordance with its original purpose. If data is to be used for purposes other than for which it is collected, safeguards need to be put in place to avoid abuse.
- Data must be up-to-date and accurate.
- Data must not be kept for longer than is necessary.
- Appropriate security measures must be in place to prevent:
Unlawful or unauthorized processing;
- Personal data may not be transferred.
- Data may not be used for certain purposes such as direct marketing.
In addition, subjects of the data have certain rights. These include the right to access data held about themselves.