Information Technology Reference
In-Depth Information
direct impact on corporate profit. Therefore, if the
businesses want to keep defection rate low, they
need to give adequate protection for the privacy
protection (Ctverdialogue.com, 2001). On this
issue,
Pichler
stated that revenues in e-activities
have not met the expectation at all, at least not in
all part of the world. According to him the principle
reason up to date that contributed for the failure
to meet the target is a lack of trust and confidence
in the marketplace (Picher, 2000).
The ability of the technology to build up per-
sonal profile in a matter of minutes, at minimal cost
deters the netizens and in particular the e-health
users from full utilization of the technology. As
a response to this, the European Union passed
the European Union Directive on Personal Data
Protection in 1995 (EU Directive), which was
adopted by the member countries, establishing
comprehensive standards for the prevention of
the unauthorized dissemination of personal in-
formation among various companies both inside
and outside. The EU Directive was praised as an
effort to provide better protection for Net users'
privacy and to harmonize domestic laws in order
to promote unifying market in EU. However, the
Directive had repeatedly come under strong criti-
cism on the prohibition of transfer of personal data
to a third country which does not have adequate
protection for such information. The Directive is
seen as unilaterally decided and having extrater-
ritorial implication which is different from OECD
Guideline for Privacy. The implication of the
Directive is, however, far-reaching. Now there
are two types of grouping among the countries
relating to regulation of personal data. The first
type of countries has taken initiatives to amend
the existing law or to enact new law concerning
data protection. The second type of countries is
insisting on having less regulation on data privacy
or no regulation. Malaysia falls in the first category
which elected to enact a similar new legislation.
The Directive in article 3.1 requires that the
processing of personal data wholly or partly by
automatic or manual means should be in compli-
ance with the guidelines and the rules which are
applicable to both public and private sector. The
Directive places certain privacy principles to be
complied with whenever personal data are col-
lected held, processed or used by the user. The
principles in article 6 are:
1. The personal data must be processed fairly
and lawfully. Therefore, the data must always
be obtained from the data subject directly.
The collection of data using the new technol-
ogy without the express consent will also be
in contrary to this principle. However, article
3.2 excludes the requirement of obtaining
data from the data subject directly if the
data is collected for operations concerning
public security, defence, State security, and
the activities of the State in areas of criminal
law and journalistic purposes.
2. The collection must be for specified explicit
and legitimate purposes: This provision re-
quires that the data is not to be processed in
a manner inconsistent with the purpose for
which they were obtained.
3. The data collected must be adequate, relevant
and not excessive in relation to the purpose,
for which the data was collected: The data
users should not collect more than adequate
information for the required purpose. Once
the purpose of collecting the information
ceases, the personal data must be erased,
unless erasure is prohibited by any law. In
Community Charge Registration Officers
of Runnymede Borough Council, South
Northamptonshire District Council and
Harrow Borough Council
v
Data Protection
Registrar
(DA/90 24/49/3), the tribunal
found that whilst the holding of some addi-
tional information was permissible in certain
circumstances, the holding on a database of
a substantial quantity of property informa-
tion obtained from voluntary answers on
the canvass forms was far more than was
necessary for the purpose.
Search WWH ::
Custom Search