Protect your computer and your data


How to maintain data privacy

Data privacy refers to the evolving relationship between technology and the legal right to, or public expectation of, privacy in the collection and sharing of data.

Privacy problems exist wherever uniquely identifiable data relating to a person or persons are collected and stored, in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. The most common sources of data that are affected by data privacy issues are:
* Health information.
* Criminal justice.
* Financial information.
* Genetic information.
* Location information.

The challenge in data privacy is to share data while protecting the personally identifiable information. Consider the example of health data which are collected from hospitals in a district; it is standard practice to share this only in the aggregate. The idea of sharing the data in the aggregate is to ensure that only non-identifiable data are shared.

The legal protection of the right to privacy in general and of data privacy in particular varies greatly around the world.

The Universal Declaration of Human Rights states in its article 12 that:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

Protecting privacy in information systems

Increasingly, as heterogeneous information systems with different privacy rules are interconnected, technical control and logging mechanisms (policy appliances) will be required to reconcile, enforce and monitor privacy policy rules (and laws) as information is shared across systems and to ensure accountability for information use.

There are several technologies to address privacy protection in enterprise IT systems. These fall into two categories: communication and enforcement.

Policy Communication

P3P - The Platform for Privacy Preferences. P3P is a standard for communicating privacy practices and comparing them to the preferences of individuals.

Policy Enforcement

XACML - The eXtensible Access Control Markup Language together with its Privacy Profile is a standard for expressing privacy policies in a machine-readable language which a software system can use to enforce the policy in enterprise IT systems.

EPAL - The Enterprise Privacy Authorization Language is very similar to XACML, but is not yet a standard.

WS-Privacy - "Web Service Privacy" will be a specification for communicating privacy policy in web services. For example, it may specify how privacy policy information can be embedded in the SOAP envelope of a web service message.

North America

Data privacy is not highly legislated or regulated in the U.S. In the United States, access to private data is culturally acceptable in many cases, such as credit reports for employment or housing purposes. Although partial regulations exist, for instance the Children's Online Privacy Protection Act and HIPAA, there is no all-encompassing law regulating the use of personal data.

The culture of free speech in the U.S. may be a reason for the reluctance to trust the government to protect personal information. In the U.S. the First Amendment protects free speech and in many instances privacy conflicts with this amendment. In many countries privacy has been used as a tool to suppress free speech.

The safe harbor arrangement was developed by the US Department of Commerce in order to provide a means for US companies to demonstrate compliance with European Commission directives and thus to simplify relations between them and European businesses.

Very few states recognize an individual's right to privacy, a notable exception being California. An inalienable right to privacy is enshrined in the California Constitution's article 1, section 1, and the California legislature has enacted several pieces of legislation aimed at protecting this right. The California Online Privacy Protection Act (OPPA) of 2003 requires operators of commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site and to comply with its policy.

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) went into effect in relation to federally regulated organizations on 1 January 2001, and in relation to all other organizations on 1 January 2004. It brings Canada into compliance with the requirements of the European Commission's directive. For more information, visit the website of the Privacy Commissioner of Canada.

Europe

The right to data privacy is heavily regulated and rigidly enforced in Europe. Article 8 of the European Convention on Human Rights (ECHR) provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions. The European Court of Human Rights has given this article a very broad interpretation in its jurisprudence. According to the Court's case law the collection of information by officials of the state about an individual without his consent always falls within the scope of article 8. Thus, gathering information for the official census, recording fingerprints and photographs in a police register, collecting medical data or details of personal expenditures and implementing a system of personal identification have been judged to raise data privacy issues. Any state interference with a person's privacy is only acceptable for the Court if three conditions are fulfilled: (1) the interference is in accordance with the law, (2) pursues a legitimate goal and (3) is necessary in a democratic society. For more information, please refer to Human Rights Handbook no. 1 (PDF) or the Council of Europe data protection page.

The government isn't the only one who might pose a threat to data privacy, far from it. Other citizens, and private companies most importantly, engage in far more threatening activities, especially since the automated processing of data became widespread. The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was concluded within the Council of Europe in 1981. This convention obliges the signatories to enact legislation concerning the automatic processing of personal data, which many duly did.

As all the member states of the European Union are also signatories of the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the European Commission was concerned that diverging data protection legislation would emerge and impede the free flow of data within the EU zone. Therefore the European Commission decided to harmonize data protection regulation and proposed the Directive on the protection of personal data, which member states had to transpose into law by the end of 1998.

The directive contains a number of key principles which must be complied with. Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:
* Fairly and lawfully processed.
* Processed for limited purposes.
* Adequate, relevant and not excessive.
* Accurate.
* Not kept longer than necessary.
* Processed in accordance with the data subject's rights.
* Secure.
* Not transferred to countries without adequate protection.

Personal data covers both facts and opinions about the individual. It also includes information regarding the intentions of the data controller towards the individual, although in some limited circumstances exemptions will apply. With processing, the definition is far wider than before. For example, it incorporates the concepts of 'obtaining', 'holding' and 'disclosing'. For more details on these data principles, read the article about the directive on the protection of personal data or visit the EU data protection page.

All EU member states adopted legislation pursuant to this directive or adapted their existing laws. Each country also has its own supervisory authority to monitor the level of protection.
* In the United Kingdom the Data Protection Act 1984 was repealed by the Data Protection Act 1998. For details, visit the U.K. data protection page or read the article about the Information Commissioner.
* France adapted its existing law (law no. 78-17 of 6 January 1978 concerning information technology, files and civil liberties). More information is available on the website of the CNIL (Commission Nationale de l'Informatique et des Libertés), in French only.
* In Germany both the federal government and the states enacted legislation. For details, visit the page of the Federal Data Protection Commissioner (Bundesbeauftragter für den Datenschutz).

Safe Harbor Program

The US Department of Commerce created the Safe Harbor certification program in response to the 1995 Directive on Data Protection (Directive 95/46/EC) of the European Commission. Directive 95/46/EC declares in Chapter IV Article 25 that personal data may only be transferred from the EU to countries which provide a level of privacy protection equivalent to that of the EU. This introduced a legal risk to organizations which transfer the personal data of European citizens to servers in the USA. Such organizations could be penalized under EU laws if the privacy protection of the USA were to be deemed weaker than that of the EU. The Safe Harbor program addresses this issue. Under this program, the European Commission agreed to forbid European citizens from suing US companies for transmitting personal data into the USA.


