Search results

This paper considers the effectiveness of the Data Protection Act since its launch in 1984. The National Audit Office prepared a report in 1993, which was critical of the Data Protection Registrar, its implementation of the registration and the eight data protection principles of good practice. These criticisms are discussed here with a view to improving the Registrar's approach to data protection law, and its attitude to those who are required to register under the Data Protection Act.

The purpose of this paper is two-fold: to explore the legal issue of the importance of personal data protection in the digital economy sector and to propose a legal framework for personal data protection as a consumer protection strategy and accelerate the digital economy.

This study is legal research. The research approach used was the comparative approach and statute approach. The legal materials used are all regulations regarding personal data protection that apply in Indonesia, Hong Kong and Malaysia. The technique of collecting legal materials is done by using library research techniques.

The value of Indonesia’s digital economy is the biggest in the Southeast Asia region, but data breach is still a big challenge to face. The Indonesian Consumers Foundation (Yayasan Lembaga Konsumen Indonesia) recorded 54 cases of a data breach in e-commerce, 27 cases in peer-to-peer lending and 5 cases in electronic money. Based on the results of a comparative study with Hong Kong and Malaysia, Indonesia has yet no specific Act that comprehensively regulates personal data protection. Indonesia also does not have a personal data protection commission. Criminal sanctions and civil claims related to data breaches have not yet been regulated.

This study examines the data breach problem in the Indonesian digital economy sector. However, the legal construction of personal data protection regulations is built on the results of a comparative study with Hong Kong and Malaysia.

The results of this study can be useful for constructing the ideal regulation regarding the protection of personal data in the digital economy sector.

The results of the recommendations in this study are expected to develop and strengthen the protection of personal data in the Indonesian digital economy sector. Besides aiming to prevent the misuse of personal data, the regulation aims to protect consumers and accelerate the growth of the digital economy.

Indonesia needs to create a personal data protection act. The act should at least cover such issues: personal data protection principles; types of personal data; management of personal data; mechanism of personal data protection and security; commission of personal data protection; transfers of personal data; resolution mechanism of personal data dispute and criminal sanctions and civil claims.

The purpose of this study is to identify how the privacy policy can be framed for protection of personal data and how the latest judgement of full bench of Supreme Court of India has dealt with right to privacy in India.

The study uses the latest Supreme Court judgement on right to privacy and historical cases on right to privacy in India. This paper uses Indian Constitution as a source of Information for study along with case laws and judgements of different courts in India.

This paper tries to find if personal data privacy is a fundamental right in India. In addition, the paper provides recommendations to different concerned authorities on protecting personal information in online platform.

This study deals with privacy issues so far as Indian citizens are concerns and does not focus on other countries. Moreover, the study tries to understand the issue of fundamental rights from Indian Constitution perspective. In addition, the recommendations provided to the policymakers and other authorities of India have wide implications for formulation of new policy and management of personal data, so that it should not go to wrong hands and the personal data and privacy is protected of the citizens.

Millions of people put their personal information in online platform. In addition, there are few government initiatives in India such as Aadhaar card where the biometric information is taken from the residents of India, and in many cases, the personal data are compromised under various circumstances. As the personal data of the citizens are in question, thus the study has direct practical implication mainly for all the citizens whose personal data are available in online platform.

This study has social implication as it dealt with the “personal data” of the citizens of India. As the paper discusses the issue of protection of personal data in the context of right to privacy, thus this study has a direct social impact so far as online citizen of India is concerned.

This paper is timely, original and discusses the contemporary issue of online data privacy and fundamental right in India. This paper is a useful resource for the researchers, policymakers and online users who deal with personal data-, right to privacy and data privacy policy-related areas.

This paper gives an overview of the 1984 Data Protection Act and the implications for records managers who store information about people on a computer. The terminology of the Act and its eight principles are described, and criteria are given for deciding whether or not an organisation should register with the Data Protection Registrar.

Medical confidentiality derives from the Hippocratic Oath and has been affirmed in most codes of professional conduct, including the Irish Medical Council's guide to professional conduct and ethics. The Irish Data Protection Act 1988 and Amendment 2003 bring this responsibility into a legal forum. The aim of this audit is to assess how comprehensively medical tutors/consultants instilled knowledge and appreciation of confidentiality and data protection to medical students in a prominent Dublin University Hospital.

Breaches in data protection legislation by final year medical students were identified by means of a questionnaire. Changes were made to the curriculum (presentations, notices on students' e‐learning interface and induction manual) and to the exams in psychiatry, to increase awareness of data protection legislation. Students at the same point in their education were re‐assessed one year later to see if the interventions were helpful in increasing knowledge and improving adherence to data protection legislation.

Significant breaches of the data protection legislation at baseline and follow up were identified. Examples include: “Data shall be kept for one or more specified, explicit and legitimate purposes” – when asked if they would inform patients that assessments were for submission of a case report, 44 per cent at baseline and 56 per cent at follow‐up said yes. “Appropriate security measures shall be taken against unauthorised access” – 52 per cent password‐protected their computer at baseline and 59 per cent did at follow‐up. Of those that had no password protection at baseline, 70 per cent of their computers were used by others, with little change in this at follow‐up (68 per cent). At baseline 52 per cent kept a copy of reports on USB devices compared to 46 per cent at follow‐up. 26 per cent admitted to losing a USB device in the past. “Data should not be kept longer than is necessary for that purpose” – 63 per cent admitting keeping electronic copies of case reports on their computers following submission at baseline and 64 per cent at follow‐up. “Data should be made anonymous” – 96 per cent at baseline and 100 per cent at follow‐up used initials when submitting case reports to make the data anonymous.

What was disappointing was that, while knowledge and awareness of obligations under data protection legislation improved following intervention, breaches in compliance still remained.

This is the first such audit in Ireland on the provision of educational training in the area of data protection legislation to medical students. It is likely that that such breaches by medical students reflect the tip of the iceberg in relation to probable breaches amongst registered healthcare professionals. The challenge now facing the medical profession and healthcare services is to effect behavioural change to improve compliance with data protection legislation.

At present there are data protection laws in Austria, Canada, Denmark, France, Germany, Hungary, Iceland, Israel, Luxembourg, New Zealand, Norway, Sweden and the United States, and of course their United Kingdom. Legislation is in preparation in Belgium, and in Portugal and Spain, these last two countries proposing to deal with privacy issues by making provision in their respective constitutions. Because of their federal structure, Australia, Canada, Germany, Switzerland and the United States also have laws at the local — state, Land or Canton — level. Finland, Ireland, Italy, Japan and Yugoslavia have considered the protection of personal data to the extent of having reports prepared, which in some cases are being considered by their legislatures. Within the European Community therefore, five member states have data protection laws, two have legislation in process, and three, Ireland, Italy and Greece, have none. Ireland has a government report in preparation, and some aspects of individual privacy are covered by existing common‐law and other provisions. Italy has a government report in preparation, Greece so far as I know is not likely to take any action in the short term. Of course, because a country has no specific data protection laws it does not necessarily follow that there is no degree of control over information relating to individuals, along the lines for example of our own Consumer Credit Act of 1974, which established certain individual rights to be informed of, and be allowed to change or challenge, credit information.

Examines the ethical, legal and social context of academic library management with particular reference to the general treatment of personal information through data protection. Describes the legal background to data protection, including the Data Protection Act 1984 and the European Union Directive of 1995, and considers the implications for library management. Drawing on the results of a British Library Research and Innovation Centre‐funded impact survey of university libraries undertaken in 1995, examines in detail current data protection policies, practices and levels of awareness. Identifies a general need for greater awareness and knowledge and suggests some ways of rectifying the situation. Discusses current and future management issues and scenarios which influence the priority given to data protection and emphasizes the importance of giving it adequate attention.

Aims to investigate and analyse the extent to which individual privacy is being protected by recent legislation in the UK – in particular, the Data Protection Act (DPA) 1998 and the Human Rights Act (HRA) 1998. Employees are monitored for compliance with the law, company policy and morality reasons. The HRA 1998 introduced a legal right to privacy. The DPA 1998 included manually processed data in addition to the computerised records covered by previous legislation. Such change poses considerable challenges to organisations. Information concerning employees can be excessive, inaccurate and kept for longer than necessary. It can also be insecure – for example, being held in unprotected directories. Investigates the legal challenge facing public organisations. Assesses the level of awareness and informed opinion of the recent information privacy legislation within such organisations. Refers to PhD fieldwork, and to the implications of the changes for libraries. Finally, draws conclusions about the advisability of good practice models.

General Data Protection Regulation (GDPR) of the European Union (EU) was passed to protect data privacy. Though the GDPR intended to address issues related to data privacy in the EU, it created an extra-territorial effect through Articles 3, 45 and 46. Extra-territorial effect refers to the application or the effect of local laws and regulations in another country. Lawmakers around the globe passed or intensified their efforts to pass laws to have personal data privacy covered so that they meet the adequacy requirement under Articles 45–46 of GDPR while providing comprehensive legislation locally. This study aims to analyze the Malaysian and Saudi Arabian legislation on health data privacy and their adequacy in meeting GDPR data privacy protection requirements.

The research used a systematic literature review, legal content analysis and comparative analysis to critically analyze the health data protection in Malaysia and Saudi Arabia in comparison with GDPR and to see the adequacy of health data protection that could meet the requirement of EU data transfer requirement.

The finding suggested that the private sector is better regulated in Malaysia than the public sector. Saudi Arabia has some general laws to cover health data privacy in both public and private sector organizations until the newly passed data protection law is implemented in 2024. The finding also suggested that the Personal Data Protection Act 2010 of Malaysia and the Personal Data Protection Law 2022 of Saudi Arabia could be considered “adequate” under GDPR.

The research would be able to identify the key principles that could identify the adequacy of the laws about health data in Malaysia and Saudi Arabia as there is a dearth of literature in this area. This will help to propose suggestions to improve the laws concerning health data protection so that various stakeholders can benefit from it.