Information privacy or data protection laws prohibit the disclosure or misuse of information held on private individuals. Over 80 countries and independent territories have now adopted comprehensive data protection laws including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa. The US is notable for not having adopted a comprehensive information privacy law but rather having adopted limited sectoral laws in some areas.
These laws are based on Fair Information Practice, first developed in the United States in the 1970s by the Department for Health, Education and Welfare (HEW). The basic principles of data protection are:
In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) went into effect on 1 January 2001, applicable to private bodies which are federally regulated. All other organizations were included on 1 January 2004. The PIPEDA brings Canada into compliance with EU data protection law.
PIPEDA specifies the rules to govern collection, use or disclosure of the personal information in the course of recognizing the right of privacy of individuals with respect to their personal information. It also specifies the rules for the organizations to collect, use, and disclose personal information.
The PIPEDA apply to:
The PIPEDA Does NOT apply to
As specified in PIPEDA:
"Personal Information" means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
"Organization"means an association, a partnership, a person and a trade union.
"federal work, undertaking or business" means any work, undertaking or business that is within the legislative authority of Parliament. Including
The PIPEDA gives individuals the right to:
The PIPEDA requires organizations to:
The right to data privacy is heavily regulated and actively enforced in Europe. Article 8 of the European Convention on Human Rights (ECHR) provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence. According to the Court's case law the collection of information by officials of the state about an individual without their consent always falls within the scope of Article 8. Thus, gathering information for the official census, recording fingerprints and photographs in a police register, collecting medical data or details of personal expenditures and implementing a system of personal identification has been judged to raise data privacy issues.