A well-known case in the UK is one in which the body in charge of fighting security breaches (FSA) applied a fine of almost 1 million to Nationwide Building Society. The FSA found that Nationwide's security systems and controls were inadequate and that it had breached principle 3 of FSA's . In that case it emerged that a laptop containing customer information had been stolen from the home of an employee in August 2006 (Bennett, 1992). Nationwide's management thereby failed to deal adequately with the breach of security.
In another case, the UK Information Commissioner's Office (ICO) implicated eleven banks in a breach of their obligations as data controllers under the Data Protection Act of 1998 (Bygrave, 1997). These banks included The Royal Bank of Scotland, National Westminster Bank plc, Barclays Bank plc, and the Co-operative Bank plc. They were found to have disposed of documents containing personal data of their customers in waste receptacles.
As the cases above illustrate, all EU member states have been implementing privacy and data protection policies that adequately address the needs of traders and consumers in the region. In the US, the adequacy of policies and laws addressing customers' needs differs from state to state (Bennett, 1992). Some states have developed and adopted policies and legislation that guarantee adequate protection of consumers and traders in this digital age. In Minnesota, retailers are fined for data compromises when they violate industry standards of data protection under the state's law (Ibid, 1992).
The law adopts the Payment Card Industry Association (PCIA) data protection standards, which provide that firms must not retain data from a card, including security codes, PINs, and magnetic stripe data, for more than two days after the transaction is approved. However, the federal government does not have clear-cut protection for private data and privacy, especially in the private sector. The federal government can also obtain, without a warrant, the IP addresses of websites a person has visited (Bennett, 1992).
In the case U.S. vs. Forrester, it was held that obtaining the header information, unlike the content of those communications, does not violate a reasonable expectation of privacy under the Fourth Amendment of the Constitution (Bygrave, 1997). A Sixth Circuit panel also held that web users have a reasonable expectation of privacy in the content of their email, even where the ISP has a contractual right to look at the email. It is implied that, unless the user policy provides for monitoring, inspecting or auditing of an account, there is a societal expectation that the ISP or the phone company will not read the contents as a matter of course.
The court in its ruling likened it to an ISP scanning email for child pornography or spam, or a post office scanning for drugs or explosives. In contrast, in 2007 the European Court of Human Rights ruled that a U.K. employer was wrong in law in monitoring the private mail, phone and internet use of one of its employees. In that case, Copland vs. United Kingdom, the court quoted articles of the European Convention on Human Rights. In conclusion, data protection and privacy have been a major issue since the advent of the digital era. Governments are under an obligation to ensure that the privacy of consumers and traders is guaranteed.
In Europe, there is adequate data protection and privacy. In the U.S., there is inadequate data protection and privacy for consumers and private institutions. The U.S. government should consider regulating private institutions in relation to privacy and data protection through legislation.
References:
Bennett, Colin J. (1992). Regulating Privacy: Data Protection and Public Policy in Europe and U.S. Ithaca: Cornell University Press.
Bygrave, Lee A. (1997). Data Protection Pursuant to the Right to Privacy. International Journal of Law and Information Technology 6(3).