In October 2007 the British Prime Minister Gordon Brown had to personally apologize for the loss of two disks containing the personal information of 25 million citizens, which led to fears of a breach of privacy. This breach was expected to cost the government 1.5 billion GBP. Its immediate effect was the resignation of the head of revenue and customs.
Closer to home, in Noida, two BPO employees were arrested for leaking private information of clients of a leading British telecom company. The total loss was pegged at Rs. 1.75 crore. Similarly, in November 2005 Parsec Technologies complained of data theft by one of its employees, and subsequent investigations led to the arrest of four people.
The above-mentioned incidents could all have been avoided if a little precaution had been taken to protect the data securely. For example in
These incidents bring to the fore the increasing importance of data protection, in step with greater awareness about privacy protection. An organization would choose to ignore this critical aspect only at its own peril. This article will try to explain the concept of privacy and data protection and will elucidate the global standards in this field while also exploring the situation as it stands in
Privacy: Attempting a Definition
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes.
For the purpose of this article we need to understand Data Privacy. The word privacy itself defies easy definition: it means many things in different contexts, and different people, cultures, and nations have a wide variety of expectations about how much privacy a person is entitled to or what constitutes an invasion of privacy. The term Data Privacy, however, can be defined as the evolving relationship between technology and the legal right to privacy in the collection and sharing of private data about oneself. It refers to concerns about how data is collected, stored and associated. It also includes issues such as whether an individual has any ownership rights to data about them and/or the right to view, verify, challenge and modify any such data.
The Global Scenario: Emergence of Heightened Enlightenment
The law in the
The
The Canadian laws are among the most stringent and comprehensive. There are multiple federal acts, including the Canadian Charter of Rights and Freedoms, the Privacy Act and, for data protection, the Personal Information Protection and Electronic Documents Act (PIPEDA). Apart from this, provincial-level legislation also exists, which accounts for more specific cases of personal privacy protection against commercial organizations; examples of this are the Personal Information Protection Acts of Alberta and
The European Union is the centre of interest in these laws, and its guidelines are by far the strictest. It has said that the EU countries will cease to part with any information it considers a matter of protection unless the other country also adheres to laws similar to those in force in the EU. In the EU, data protection came in the year 1995 with the passage of EU directive 95/46/EC, popularly known as the Data Protection Directive. This directive relates to the processing of personal data and the movement of data. It lists several rules that companies have to abide by while collecting and using someone's personal data. The EU later issued directive 2002/58/EC to ensure that all member nations adopt the guidelines concerning the processing of personal data and the protection of personal privacy in e-communications services. The EU directive provides for a three-pronged approach: firstly, personal ownership of data and individual consent for the use of data; secondly, companies are allowed to use the data collected only for those purposes previously identified; and thirdly, it is only a set of minimum requirements, and the member nations are free to take more stringent measures if they feel the need to do so.
Privacy in
While the European Union and the
The Indian Constitution has not yet granted this right but only reasoned it. The existing law just affords a principle which, if properly invoked, may protect the privacy of the individual, and the Indian judiciary has been using judicial activism to widen the ambit of the Constitution of India, 1950, Article 21, where the seeds of the privacy rights may be found, and to extend the protection granted by it. In recent times, however, this right has acquired a constitutional status. This journey began in 1963, when for the first time the issue regarding the Right to Privacy was raised in Kharak Singh v. State of
However, a detailed analysis of the Right to Privacy was done by the Supreme Court in R. Rajagopal v. State of
The Supreme Court also laid down certain propositions defining the right to privacy, thereby reconciling two fundamental rights, namely the right to privacy and freedom of speech. The important propositions laid down were:
(1) The right to privacy is implicit in the Constitution of India, 1950, Article 21. It means a right to be let alone. A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, child bearing and education amongst other matters. The position may, however, be different if a person voluntarily thrusts himself into controversy or voluntarily invites or raises a controversy;
(2) There is an exception to this rule. Once a matter becomes a matter of public record, the right no longer subsists. However, in the interest of decency (the Constitution of India, 1950, Article 19(2)) an exception must be carved out to this rule, namely, a female who is a victim of sexual assault, kidnap, abduction or a like offence must not be subjected to the indignity of her name and the incident being publicized in the press/media; and
(3) The second exception to this right is that, in the case of public officials, this right is not available with regard to their acts and conduct relevant to the discharge of their official duties.
Need for a Privacy Statute in
There exists in
The urgency for such a statute is heightened by the absence of any existing regulation which monitors the handling of customer information databases, or safeguards the Right to Privacy of individuals who have disclosed personal information under specific customer contracts, viz. contracts of insurance, credit card companies or the like. The need for a globally compatible Indian privacy law cannot be overstated, given that trans-national businesses in the services sector, who find it strategically advantageous to position their establishments in
Issues that would need to be addressed by any prospective privacy legislation in
i. Limited Purpose
The particular purpose for gathering information by an organization must be specified at or before the time the information is collected.
ii. Safeguards
In the case of insurance companies or other customer service-related or data processing companies, the gathering and collation of personal information on individuals would need to be conserved and secured by a regulated data security system.
iii. Accountability
Corporates would need to establish a system whereby all information disclosure systems are duly audited/accounted and monitored, keeping in view the rationale/occasion for every disclosure made.
iv. Prior Consent
Corporates could include express clauses in their agreements, which include an express authorization from the individual allowing the companies to use/disclose personal information for their own internal purposes or those of their affiliates or group companies.
v. Limits to Use, Disclosure and Retention
Any information sharing with other members of the insurance industry or with other corporate entities should be made only after seeking an express authorization from the customer.
vi. Information-Sharing
The confidentiality and sensitivity of such information makes it necessary for corporates to avoid any data sharing arrangement or customer information disclosure agreements without the prior consent of the individuals.
Conclusion
In conclusion, the issue that remains to be addressed is not the shape of the prospective privacy legislation in