Data and Database Protection Legislation

Over eighty countries and independent territories have data protection laws in place. In a world where we shop, interact, search and learn online, companies collect a great deal of data. Governments put data protection legislation in place to prohibit the misuse of information held on individuals and to keep it private. The United States is noted for not adopting a single privacy law, instead adopting limited laws on data protection in some areas. Meanwhile, the United Kingdom has recently passed the Investigatory Powers Bill, also known as the Snooper’s Charter, which requires Internet service providers to keep the search records of every customer for one year. Each country does it differently, but many of the key principles of their data protection are very similar.

As mentioned previously, the USA does not have one specific law in place regarding data protection. The issue is not highly regulated either and access to private data may be granted when an individual is seeking employment, medical care, housing or purchases on credit. However, the laws that the U.S. does have in place are based on the Fair Information Practice developed in the 1970s.

Here are some examples:

Purpose: every single bit of data collected should have a purpose behind it. You are not allowed to collect data just to have more information on people, only because it might improve an experience.

Deleted: when there is no longer a need for data, it should be deleted and removed from the database where it is stored.

Consent or law: the U.S. legislation states that information collected can’t be shared with other organisations or individuals unless given consent by the individual or authorised by law.

In the United Kingdom, data security legislation is more prevalent than it is in the United States. The Data Protection Act (DPA) of 1998 is the main piece of legislation that governs the protection and security of data on identifiable people in the UK. The key principles of the DPA are similar to the ones set out by the U.S. Here are some examples of where UK legislation differs from that of the U.S.:

Relevant: the DPA states that any personal data should be relevant and not excessive in relation to the purpose of its collection. This means that only necessary data can be collected on individuals.

Measures will be taken: if data is processed unlawfully or without authorisation, appropriate technical and organisational measures should be taken. This also applies to the accidental loss or destruction of personal data.

Both the United States and the United Kingdom agree that personal data should be destroyed when no longer needed, that the accuracy of data should be maintained and that there should be a purpose for data collection and storage.

Data protection is needed because of the increasing influence of the Internet and the potential for disaster if data is leaked. Developers of mobile applications, as well as software designers and social networking sites, need to adhere to the DPA and the legislation put in place by the U.S. government. Online legislation is perhaps what many see as most necessary to monitor due to the sheer volume of data collected by websites.

Data protection and security is without a doubt a key issue in today’s society. With so many people spending time online and sharing data with companies in the process, the security of the databases is paramount in ensuring people do not become targets or vulnerable because of information that has been collected on them. Legislation is arguably the most efficient method of ensuring that data protection is one of the fundamental points companies deal with, and that they do so in a way beneficial to the individual.
