|
|
 |
|
Data Security Regulations - EMEA Legislation |
|
European Union Data Directive on Privacy (Directive 95/46/EC)
The European Union Data Directive on Privacy, (Directive 95/46/EC), is a legal measure covering the 27 European Union members and stating that certain personal information can not leave the EU unless it is going to a nation with privacy laws similar to those of the EU Directive. The directive became effective on Oct. 25, 1998. According to the law, individuals or organizations wishing to use online resources to access an EU citizen’s personal information must meet a series of privacy protection standards before EU nations will grant access to such information. Personal data should not be processed at all, except when certain conditions are met, the directive states. These conditions fall into three categories: transparency, legitimate purpose and proportionality. Each member state must set up an independent supervisory authority that will monitor the data protection level in that member state, give advice to the government about administrative measures and regulations, and start legal proceedings when data protection regulation has been violated. EU directives are addressed to the member states, and aren't legally binding for citizens in principle. The member states were charged with transposing the directive into internal law and all member states have enacted their own data protection legislation.
|
|
European Commission/U.S. Department of Commerce Safe Harbor Framework
The European Commission’s Directive on Data Protection prohibits the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection. While the U.S. and the European Union share the goal of enhancing privacy protection for their citizens, the U.S. takes a different approach to privacy from that taken by the EU. In order to bridge these different privacy approaches and provide a streamlined means for U.S. organizations to comply with the directive, the U.S. Department of Commerce in consultation with the EC developed a "Safe Harbor" framework. The safe harbor framework is set forth in a set of seven privacy principles: notice, choice, sensitive information, onward transfer, security, data integrity, access and enforcement. Decisions by organizations to qualify for the safe harbor are entirely voluntary, and organizations may qualify for the safe harbor in different ways. Organizations that decide to adhere to the principles must comply in order to obtain and retain the benefits of the safe harbor and publicly declare that they do so.
|
|
Austria Data Protection Law
Austria’s data protection laws are based on the EU Directive on Data Protection. The Austrian law passed on Jan.1, 1999, and went into effect in May, 2000. The law modified previous regulations for Austria. Previously, only automatic data processing was within the scope of the law, but the revised law also regulates manual processing. The regulations are the same for the public and private sectors. The Data Protection Authority can only investigate complaints in the public sector. Complaints about data processing in the private sector have to be dealt with by the civil court. The processing of sensitive data may be subject to prior checking by the Data Protection Authority, which received wider powers than before. There is a right to compensation in all cases where a breach of privacy has taken place. It is not necessary to prove causal material damage.
|
|
Belgium Data Protection Law
The Belgian Data Protection Law closely follows the EU Directive on Data Protection. In fact, Belgium has reproduced nearly word for word the terms of the EU Directive, including reproducing the data protection definitions of the EU Directive. An interesting innovation in the new Belgian law is the introduction of the concept "identifiable person" in the definition of personal data. According to the directive's recitals and the explanatory memorandum of the new Belgian law, an individual is identifiable when he can be identified either directly or indirectly by any reasonable means. The data subject, as in the previous system, is granted a right of access and of rectification. Two new rights are also granted to the data subject: the right to object, and the right not to be subject to an automated individual decision. The law prohibits the transfer of data to third countries, unless these countries provide for an adequate level of protection. In this sense, the law has reproduced the regime laid down by the directive. Similarly, it has provided for the same derogation: data subject's unambiguous consent.
|
|
Cyprus Data Protection Act
Cyprus approved a Data Protection Act in 2003, with primary provisions applying to the processing of personal data wholly or partly by automatic means and as part of a filing system. The law states that it will apply “to any processing of personal data, where this is performed: by a controller established in the Republic or in a place where Cyprus law applies by virtue of public international law; by a controller not established in the Republic who, for the purposes of the processing of personal data, makes use of means, automated or otherwise, situated in the Republic, unless such means are used only for purposes of transmission of data through the Republic. The law sets conditions for lawful processing of personal data. The collection and processing of sensitive data is prohibited. Transmission of data to third countries which have undergone processing or are intended for processing after their transmission to any country are permitted after obtaining a license. Licenses are granted by a commissioner who “shall issue the license only if he considers that the said country ensures an adequate level of protection.”
|
|
Czech Republic Act on Personal Data Protection
The Act on Protection of Personal Data in Information Systems was adopted by the Czech Republic in 1992 and regulated the protection of personal data for both government and private databases that are contained in an information system. However, there was no independent oversight agency to enforce the Act. On April 4, 2000, the new Act on Personal Data Protection was enacted and went into effect on June 1, 2000, replacing the 1992 Act on Protection of Personal Data in Information Systems. The Act implements the basic requirements of the EU Data Protection Directive. However, it grants exceptions to the police and intelligence services from many key provisions. The EU pressured the Czech Republic to move more quickly in adopting legislation for several years. In May 2001, the President signed an amendment to the Act exempting political parties, churches, sports clubs and other civic organizations from certain requirements. These organizations will no longer need to register their data protection activities or obtain the consent of individuals before collecting personal information.
|
|
Denmark Data Processing Act
In current Danish law there exists a multitude of statutory rules regulating use of personal data. The main rules are contained in the two data protection acts covering the private sector and public administration (both central and local government). Other important rules can be found in the acts on credit cards, titles to land, the mass media and public archives. Furthermore single rules are placed in many statutes. Denmark's Parliament passed, on May 25, 2000, a Data Processing Act that implements the EU Data Protection Directive. The Act (no. 429-5/31/00) came into force on July 1, 2000. The Act protects personal data of physical persons and, with respect to credit reporting, also covers legal persons. Protection is afforded in the private sector, public administration and in the courts. Digital processing is included together with manual files. In the private sector, other kinds of systematic manual processing related to sensitive data also are protected. Exemptions are made for the mass media and the secret services.
|
|
Estonia Personal Data Protection Act
Estonia’s first Personal Data Protection Act passed in July 1996. It was followed by the Databases Act of 1997, which regulated the establishment and maintenance of databases, and replaced the Soviet Socialist Republic State Registers Act of 1990. On Jan.1, 1997, the Estonian Data Protection Inspectorate was established under the Act. A new Personal Data Protection Act passed on Feb. 12, 2003, and went into effect on Oct. 1, 2003. The main task of the Data Protection Inspectorate became the independent supervision of the processing of personal data and keeping of databases, as well as organizing data protection activities. One of the most important functions of the Inspectorate is monitoring and improving legislation related to the Act.
|
|
Finland Personal Data File Act
In 1988, the first Personal Data File Act came into force, marking the first law concerning data protection in Finland. The Act was intended to prevent violations of integrity at all stages of data processing. The functional objective was to promote development and compliance of good data processing practices. On June 1, 1999, the Personal Data Act, which replaced the Personal Data File Act, came into force, but the main principles of the protection of privacy remained largely unchanged. The Personal Data Act accommodates the constitutional reform and the EU Data Protection Directive. The basic rights and freedom of individuals are more strongly emphasized in the processing of personal data.
|
|
France Data Protection Act
France’s Data Protection Act was enacted in 1978 and covers personal information held by government agencies and private entities. The Act provides that anyone wishing to process personal data must register and obtain permission in cases relating to processing by public bodies and for medical research. Individuals must be informed of the reasons for collection of information and may object to its processing either before or after it is collected. Individuals have rights to access information being kept about them and to demand the correction and, in some cases, the deletion of data. Fines and imprisonment can be imposed for violations. On July 15, 2000, the French Senate passed amendments to its 1978 Data Protection Act, bringing it formally into line with the EU Data Protection Directive. France was the last of the original 15 EU member states to implement the 1995 directive into national law. France’s data protection authority is the Commission nationale de l'informatique et des libertés (CNIL), an independent agency which enforces the Data Protection Act and other related laws. The commission takes complaints, issues rulings, sets rules, conducts audits, produces reports and ensures the public access to information by being a registrar of all data controllers' processing activities.
|
|
Germany Federal Data Protection Act
Germany has one of the strictest data protection laws in the European Union. The world's first data protection law was passed in the German Land of Hessen in 1970. In 1977, a Federal Data Protection Law followed, which was reviewed in 1990, amended in 1994 and 1997. The final revision took place in 2002 to be in line with the EU Data Protection Directive. The general purpose of the Federal Data Protection Law is "to protect the individual against violations of his personal rights by handling person-related data." The law covers collection, processing and use of personal data collected by public federal and state authorities (as long as there is no state regulation), and by non-public offices, if they process and use data for commercial or professional aims. The Federal Data Protection Commission (FDPC) is an independent federal agency that supervises the Federal Data Protection Act. Its chief duties include receiving and investigating complaints, as well as submitting recommendations to parliament and other governmental bodies. All of the 16 German states have their own specific data protection regulations that cover the public sector of the state administrations. All states except Sachsen have adopted new data protection laws pursuant to the EU Data Protection Directive. Each state also has a data protection commissioner to enforce the state data protection acts and supervise the private sector.
|
|
Greece Data Protection Act
The Constitution of Greece recognizes the rights of privacy and secrecy of communications. A Constitutional amendment in 2001 added a provision granting individuals a direct right to protection of their personal information. The new provision, Article 9A, states: "All persons have the right to be protected from the collection, processing and use, especially by electronic means, of their personal data, as specified by law. The protection of personal data is ensured by an independent authority, which is established and operates as specified by law." Article 19 of the Constitution protects the privacy of communications. The Law on the Protection of Individuals with regard to the Processing of Personal Data (Data Protection Act) was approved in 1997. Greece was the last member of the EU to adopt a data protection law and its law was written to directly adopt the EU Directive. The Hellenic Data Protection Authority (DPA) was established in November 1997 as an independent authority set to monitor privacy violations in Greece. It was created to supervise the implementation of the Data Protection Act and all regulations referring to the protection of personal data. The DPA is responsible for archival audits, issuing regulatory acts arising from legislation on data protection, and providing information and recommendations to interested parties to ensure compliance with data protection regulations
|
|
Hungary Data Protection Act
The Republic of Hungary’s Parliament passed a Data Protection Act on the fundamental rules governing the protection of personal data and the implementation of the right of access to data of public interest in 1992. The Act accompanies Hungary’s 1978 Misuse of Personal Data law, which government violations of statutory provisions governing the protection and processing of personal data and notification rules. Violations are considered a misdemeanor punishable by up to one year's imprisonment or a fine. Hungary defers to the EU Data Protection Directive on all other data protection and privacy issues.
|
|
Ireland Data Protection Acts
The Data Protection Acts, 1988 and 2003, place an obligation on persons to have appropriate measures in place to prevent "unauthorized access to, or alteration, disclosure or destruction of, the data and against their accidental loss or destruction." SI 626 of 2001, and later the Data Protection (Amendment) Act, 2003, introduced a new section into the 1988 Act designed to interpret the nature of security measures required to demonstrate compliance. When determining measures, a number of factors need be taken into account, including the state of technological development; the cost of implementing measures; the harm that might result from unauthorized of unlawful processing; and the nature of the data concerned. A further development introduced by the 2003 Act is the obligation on data controllers and data processors to ensure that their staff members are aware of security measures and comply with them. This guidance is intended as an indication of issues which data controllers and data processors may wish to consider when developing security policies.
|
|
Israel Protection of Privacy Law
In 1981, Israel passed a Protection of Privacy Law 5741-1981, 1011 Laws of the State of Israel 128; amended by the Protection of Privacy Law 5745-1985. The first legislative action was taken with the intent of regulating information, with particular attention to the growing prominence of computers in government work. The Privacy Law, amended twice since it first passed, is meant to guarantee consumer, data and privacy protection in Israel. The law protects an individual's privacy in three major areas: protection from advanced technology, protection from news media, and protection from information gathered in databases. According to the law, anyone who manages a database must report its purpose, the use made of it, the way the data is gathered, and the measures taken to protect it. The law adds that failing to register the database constitutes a criminal offense, subject to one year in prison. The law establishes a Registrar for databases, with whom any data collection containing data on individuals needs to be registered. The law affords legal protection for privacy of information in databases, to a level consistent with international standards.
|
|
Italy Decree on Minimum Security Measures for Data Protection
The Italian Government implemented European Community Directive 9/96 on the legal protection of databases on June 15, 1999. On Sept. 14, 1999, Italy enacted a decree containing the minimum security and data protection measures to be taken in electronic and conventional data processing systems. Comprising ten articles, the decree seeks to implement the Italian data protection legislation of 1996, as subsequently amended. More specifically, the privacy decree defines the technical, operational and procedural safeguards applicable for the guaranteeing of personal data integrity and security. A system of personal identification codes and administrative authorizations for processing and transmission of personal data is to be administered by the independent regulatory authority, the Garante per la tutela dei dati personali. In order to monitor the application of the law, the regulator will have to exercise its inspection powers and concurrent judicial protection for the individual on civil and criminal grounds.
|
|
Kuwait
The Constitution of the State of Kuwait has no discernable laws or regulations pertaining to data privacy and protection, security breaches or identity theft.
|
|
Latvia Personal Data Protection Law
Latvia's general law on data protection, the Personal Data Protection Law, was passed in 2000. It implements the European Union Data Protection Directive 95/46/EC into national legislation. On Oct. 24, 2002, the Latvian Parliament passed amendments to the law, holding that the provisions of the Personal Data Protection Law are applicable to the processing of personal data in the field of criminal law and domestic security. The Latvian Data State Inspectorate was established under Regulation No. 408 on Nov. 28, 2000, under the Statute of the Data State Inspectorate.
|
|
Lithuania Law on the Legal Protection of Personal Data
The legal grounds for the data protection are set in the Constitution of the Republic of Lithuania was adopted on Oct. 25, 1992, the Law on Legal Protection of Personal Data was adopted on June 11, 1996, and the most recent revision was enacted on Jan. 21, 2003, coming into force on July 1, 2003. Article 31 sets out the Functions of the Inspectorate, including administering the Register of Personal Data Controllers, and supervising the activities of the registered data controllers; examining personal requests and complaints; checking the lawfulness of personal data processing and take decisions in respect of the breaches of personal data processing; granting authorizations to data controllers to disclose personal data to data recipients in third countries. Article 32 grants powers to the Inspectorate, including powers to obtain access to premises where documents and equipment used for personal data processing are stored; to make recommendations and give instructions to data controllers with regard to personal data processing and protection; to take part in legal proceedings involving violations of international and national law on personal data protection.
|
|
Luxembourg Protection of Persons with Regard to Processing Personal Data Law
Luxembourg's first personal data legislation was an Act Concerning the Use of Nominal Data in Computer Processing, adopted in 1979. A decree of August 1979 created the Commission à la protection des données nominatives, which oversees the law and manages the National Register of Databanks along with the Minister of Justice. The Protection of Persons with Regard to the Processing of Personal Data Law, enacted on Aug. 2, 2002, was based on the implemented EU Data Protection Directive 95/46/EC. Luxembourg’s 2002 act enhanced the data protection authority, which now controls the processing of personal data in Luxembourg, and ensures compliance with the data protection regulations.
|
|
Malta Data Protection Act of 2001
The Maltese Data Protection Act of 2001 was introduced to render Maltese law compatible with EU Directive 95/46/EC. The Act came into force on July 15, 2003. The Data Protection Act provides for the protection of individuals against the violation of their privacy by the processing of personal data.
|
|
Norway Personal Data Act
Norway approved data protection legislation with the Data Registers Act of 1978. The Norwegian Data Inspectorate was established in 1980 to ensure compliance with the Act. Following the introduction of EU Directive 95/46/EC, the Norwegian Ministry of Justice appointed a committee to examine amendments to the Data Registers Act in order to bring Norway into line with EU standards. The Norwegian Personal Data Act was enacted on Jan. 1, 2001, and surpasses the EU Directive on the level of protection. The Act expressly covers data on collective entities such as corporations, partnerships and citizen initiative groups. The Act also rules that appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing, accidental loss or destruction of personal data. Additionally, the Act specifies that personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
|
|
Poland Law on the Protection on Personal Data Protection
Poland’s Act on Personal Data Protection, based on EU Directive 95/46/EC, was approved on Aug. 29, 1997, and took effect on April 30, 1998. The Constitution of the Republic of Poland added articles that ensure the legal protection of the private and family life of citizens and limit the circumstances in which the state can gather personal data. Under the Law on the Protection of Personal Data Protection (LPPDP), personal information relating to identity may only be processed with the consent of the individual. Every citizen has the right to be informed whether databases exist with their personal information and who administers them. Personal information cannot be transferred outside of Poland unless the country has 'comparable' data protections. The law sets out civil and criminal sanctions for violations. In August 2001, the law was amended in order to bring it into full compliance with the EU Data Protection Directive. The amendment redefined the term 'personal data'; introduced a new provision relating to final decisions issued solely on the basis of automated processing of personal data; introduced a new provision on data processing in relation to performance of a contract; and adjusted a lawful processing provision. Poland’s Inspector General for Personal Data Protection enforces the LPPDP.
|
|
Portugal Data Protection Law
The Portuguese Constitution of 1976 contains a special provision on data protection that refers to the use of computerized data, and establishes rights and prohibitions. The Portuguese Data Protection Law was enacted in 1991, but with the implementation of EU Data Directive 95/46/EC amended its Data Protection Act on Oct. 27, 1998, to comply with EU directives. The Comissão Nacional de Protecção de Dados (CNPD) was established as the Portuguese Data Protection Authority. The CNPD is an independent body with powers of authority throughout the nation, charged with monitoring compliance. Personal data may be transferred freely between the EU Member States, but may only be transferred to countries that are not member states when they can ensure an adequate level of data protection according to the CNPD. Personal data applies to four rights by the law: to be informed; access to data; to object to processing; and not to be subject to automated individual decisions. The data subject may oppose any data processing that is connected with direct marketing and must be informed whenever such data is communicated to third parties, according to the law.
|
|
Slovakia Protection of Personal Data Act
Personal data protection was included as part of the protection of human rights in the Constitution of the Slovak Republic enacted on Sept. 1, 1992. The first dedicated legislation on data protection in Slovakia was the Protection of Personal Data Act, approved on Sept. 1, 2002, which introduced a more comprehensive system of protection in line with European law. The Slovakian directive defines the rights and obligations within the scope of data protection specifically for electronic communications, in association with a new Regulatory Package for Electronic Communications. Implementation of the laws is supervised by the Slovak Republic Ministry of Transport, Posts and Telecommunications. The Personal Data Protection Act also applies to processing personal data in the health care sector.
|
|
Slovenia Personal Data Protection Laws
Slovenia’s Personal Data Protection Laws of 1990 and 1991 were the first pieces of data protection legislation in the country. The laws were subsequently amended in 1999, 2001, 2002 and 2004 in order to render them in accord with EU Directive 95/46/EC. The Personal Data Protection Act establishes the functions of the Inspectorate to supervise the legality of data-processing; the application and appropriateness of the procedures and measures for personal data protection as laid down by internal regulations and inspect documentation relating to data-processing and the conveyance of data outside the country. Slovenia’s Human Rights Ombudsman also carries out independent supervision of the protection of personal data, supervising the regulations on personal data protection by the data administrators and users of personal data.
|
|
Spain Data Protection Act
The Spanish Constitution recognizes the right to privacy and data protection. Spain’s first Data Protection Act was enacted in 1992, and then was succeeded in 1999 by an amended Data Protection Act which brought Spanish law into line with the EU Data Protection Directive. The Act covers files held by the public and private sectors, and states that personal information may only be used or disclosed to a third party with the consent of the individual and only for the purpose for which it was collected. Additional protections are provided for sensitive data. The 1999 regulations also established measures to be taken to protect filing systems. The Agencia de Protección de Datos (APD) is charged with enforcing the Act and can investigate violations of the law. Amendments were made in 2002 and 2003 regarding Information Society Services, electronic commerce and patient autonomy involving rights in matters of clinical information and documentation. Spain’s 1998 Telecommunications Act guarantees the rights of individuals to use cryptography but also contains a provision allowing for a mandatory key recovery system.
|
|
Sweden Personal Data Act 1998
Sweden was among the first countries in Europe to introduce data protection legislation. The Data Act 1973 regulated the automated processing of files containing personal data. When the EU Directive 95/46/EC was introduced, the Swedish government translated the direction national legislation. The Personal Data Act 1998 was enacted on Oct. 24, 1998, replacing the Data Act of 1973. The Personal Data Act contains provisions designed to protect citizens against violations by the processing of personal data. Processing of personal data includes collection, recording, storage, adaptation or alteration, compilation or retrieval. The Act applies to personal data that is transmitted, disseminated or made available by other means.
|
|
Swiss Federal Act on Data Protection
Article 28(1) of the Swiss Civil Code governed data protection in the private sector prior to 1992. A Federal Office for Data Protection was established in 1991. The Federal Act on Data Protection was enacted on July 1, 1993, based on similar principles to the acts in force in other European countries. For the first time in Switzerland, the public and private sectors were subject to the same rules. The Act protects the privacy, interests and fundamental rights of data subjects, specifically the maintenance of good data file practice and the facilitation of international data exchange by providing a comparable level of protection. Data collected by private persons must not harm the privacy or personality of the data subject. The law covers data relating to both private and legal persons and applies to electronic data processing and manual files. Breaches of the law can be punished with fines or imprisonment. The Federal Data Protection and Information Commissioner (FDPIC) is appointed by the Federal Council and supervises compliance. In the private sector, the FDPIC serves as an ombudsman. The Federal Data Protection Commission is appointed by the Federal Council and serves as an appeal body in relation to decisions of government authorities with regard to data protection as well in relation to cantonal judgments based on public law on data protection.
|
|
The Netherlands Personal Data Protection Act
The Netherlands Constitution grants citizens an explicit right to privacy, including the recording and dissemination of personal data. The Netherlands Parliament passed the Personal Data Protection Act on July 3, 2000, and it entered into force on Sept. 1, 2001. The Act implements EU Directive 95/46/EC into Dutch law. The Act incorporated the previous Royal Decree on Data Protection, which was in force under the Personal Data Files Act. The Act supervises the compliance with all laws that regulate the use of personal data, including the Data Protection Police Files Act and the Municipal Database Personal Records Act. The Act regulates how companies, authorities and institutions are to deal with personal data which they gather, store, keep on file, compare, link, consult or provide to third parties. Organizations may only gather and process personal data if there is good reason to do so or if the person involved has personally given permission. Furthermore, organizations making use of personal data must inform the people involved what will be done with the information. Companies, authorities and institutions must report the processing of personal data to the Dutch Data Protection Authority. In May 2000, the Commission for Constitutional Rights in the Digital Age presented proposals for changes to the Dutch Constitution to cover technology-neutral and provide the right to confidential communications.
|
|
Turkey
The 1982 Turkish Constitution provides basic privacy rights to citizens, but does not specifically address data security issues. The Turkish Ministry of Justice reportedly has been working on data protection legislation for several years without success. In 2000, a working party was established to facilitate legislation, but there have been no reports of any progress and a public draft has not been issued.
|
|
Ukraine
The Constitution of Ukraine, ratified on June 28, 1996, guarantees the right of privacy and data protection. Citizens are guaranteed judicial protection of the rights to rectify incorrect information, demand that any type of information be expunged and compensation for material and moral damages inflicted by the collection, storage, use and dissemination of incorrect information. There have been efforts to enact a data protection act for several years, but no data protection act has yet been enacted.
|
|
United Arab Emirates
The United Arab Emirates has no specific national law for data protection. The UAE constitution grants the right to privacy and the UAE Penal Code protects individuals from the interception and disclosure of data. Of the seven emirates that make up the UAE, only Dubai has enacted an Electronic Transactions and Commerce Law that deals with data protection issues. The ETCL, passed in 2001, is a combination of laws such as the UNCITRAL Model Law on Electronic Commerce adopted by the United Nations, Singapore’s Electronic Transactions Act of 1998 and local specifications. The ETCL aims to remove barriers to e-commerce and other e-transactions, facilitates the submission of e-documents to government departments and is intended to boost the public’s confidence in the security and accuracy of e-transactions, e-messages and e-registers. The ETCL makes it voluntary for a person to use or accept information electronically. The Electronics Transactions Law No. 1 of 2006 regulates electronic records, documents and signatures connected with electronic transactions and e-commerce. Penalties for violations have been incorporated into the law, including fines and imprisonment.
|
|
United Kingdom Data Protection Act 1998
The UK 1998 Data Protection Act came into force early in 1999 and covers how information about living identifiable persons is used. It is much broader in scope than an earlier 1984 Data Protection Act. The 1998 Data Protection Act makes clear demands upon organizations as to when terms of the security that must be applied to protect personal data. The details of the Data Protection Act are quite complex, but at the heart of it are eight rules known as the Data Protection Principles. These require personal information to be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with your rights; kept secure; not transferred abroad without adequate protection. Organizations using personal information must comply with these principles.
|
|
|
| Looking for more information? |
|
|
|
 |
|
E-waste and Environmental Regulations Database |
|
|
|
|
Mounting pressures regarding the environmentally and socially responsible management of e-waste are triggering more stringent laws around the globe. Redemtech’s E-waste and Environmental Regulations Database delivers information about regulations, directives, national decrees, statutes, ordinances and pending e-waste and environmental legislation. |
|
|
|
|
Data Security Regulations |
|
|
|
|
Legislation governing the protection of consumer privacy and identify theft continue to propagate on a global, federal, state and local level. Redemtech’s Data Security and Privacy Regulatory Database documents applicable regulations, established laws, constitutional amendments and pending legislation for many nations around the globe. |
|
|
