The rapid expansion in trade and electronic communication over the last several years has raised much concern in the global market. The public, government, policy makers and the media have expressed the need to develop policies and laws aimed at protecting personal information and business transactions (Bygrave, 1997). In the last decade a number of countries have adopted laws and policies to guarantee privacy as the world is integrated into a village by trade and ICT. The right to privacy has been acknowledged and ratified in several international conventions.
An example is Article 12 of the United Nations International Covenant on Civil and Political Rights, which states that “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence nor attacks upon his honor and reputation. Everyone has the right to the protection of the law against interference of attacks” (Ibid, 1997). The aim of the Data Protection Act, which was amended in 1998, is to provide for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of information (Bygrave, 1997).
The principles of the U.S. Data Protection Act, according to the Act, include: that the information to be contained in personal data shall be obtained, and personal data shall be processed, fairly and lawfully; personal data shall be held only for one or more specified and lawful purposes; personal data held for any purpose or purposes shall not be used or disclosed in any manner incompatible with that purpose or those purposes; personal data held for any purpose or purposes shall be adequate, relevant and not excessive in relation to that purpose or those purposes; personal data shall be accurate and, where necessary, kept up to date; personal data held for any purpose(s) shall not be kept for longer than (Bennett, 1992).
This helps banks and customers to ensure that customer information is held responsibly and that the risks relating to financial data are minimized. Besides, different countries have developed policies directed at protecting specific information. In the US, the National Education Statistics Act of 1994 was enacted to tighten access to personal data collected in the education field (Bennett, 1992). There is no single law that provides a comprehensive treatment of data protection in the US.
The Privacy Act of 1994 and the Computer Matching and Privacy Act deal only with how personal information held by the Federal government should be handled (Ibid, 1992). Noticeably, the United States has largely avoided legislation to govern the treatment of personal information in records held by institutions other than the Federal government (Bennett, 1992). However, the US has adopted laws to address the treatment of personal financial information in record systems held by private financial firms (Bygrave, 1997). An example is the Fair Credit Reporting Act, which regulates the treatment of personal financial information held by consumer credit reporting agencies (Bygrave, 1997).
Unlike the U.S., Europe adopted privacy protection laws through omnibus legislation that covers both the public and private sectors (Bennett, 1992). Europe developed two supra-national policies to deal with data protection: the Council of Europe’s Convention on Data Protection and the EU Data Protection Directive (Ibid, 1992). The EU Data Protection Directive was adopted in October 1995. The directive sets standards for the treatment of personal data collected from individuals and for the individual right of access, notification and connection. Whereas EU states have adopted a full approach to privacy legislation, the United States has taken a piecemeal approach to data protection and privacy.
The EU recognizes the right to privacy as a fundamental right and hence has been serious in implementing its laws and policies on data protection and privacy. To ensure data protection for citizens in the member states, Article 25 of the EU data directive provides that EU member states may transfer personal data only after determining that the third country in question ensures an adequate level of data protection (Bennett, 1992). In privacy and data protection regulation, the US has largely maintained its policy of not directly regulating the private sector. US privacy and data protection policy in the private sector has been self-regulatory. The Federal Trade Commission has been continuously working with the private sector to develop a voluntary code of conduct (Bygrave, 1997).
This self-regulatory approach is not sufficient to ensure adequate data protection and privacy. There have been cases that exhibit developments in data protection in Europe. In 2007, Germany increased the thresholds for the requirement for a data protection officer (Bennett, 1992). This has been done to ensure there is more vigilance in checking cases of private data invasion and intrusion. In France, the data protection and privacy regulator (CNIL) has sought to balance the restriction on collecting data relating to a person’s racial or ethnic origin in order to implement the prevention of racial and ethnic discrimination in the workplace (Ibid, 1992).