© Solix Technologies, Inc.
Meeting Data Privacy Requirements
Privacy has many definitions; the UK uses the following definition: the right of an individual to be protected against intrusion into his personal
life or affairs by direct physical means or by publication of information. Data privacy is covered under several regulations. The two categories of
privacy laws are comprehensive and sectoral.
Comprehensive laws are general laws that govern the collection, use and dissemination of personal information by public and private sectors.
Comprehensive laws are written and enforced by a country's government. The UK, Canada and Australia have comprehensive laws. The United
States did not adopt a comprehensive privacy law and instead has a patchwork of federal and state laws that cover specific categories of personal
information, i.e. financial reports, credit reports, video rentals, etc.
An example of a US sectoral law is illustrated in the Privacy Act of 2003.
- Criminalizes the misuse, purchase, sale or disclosure of an individual's social security number without the individual's permission.
- Attempts to preempt identity theft and other types of theft by prohibiting the display and usage of social security numbers and their derivatives on federal documents, and also by putting the responsibility on commercial entities.
- Provides legal recourse for the FTC on behalf of individuals for misuse or trafficking of personally identifiable information between commercial entities and nonaffiliated third parties.
When data travels between countries with different regulations – sectoral and comprehensive – there is a potential for conflict. The Safe Harbor
Act was negotiated between the US and the European Union to define a set of regulations for when data and information travels across borders
with different levels of privacy regulation. However, because the Act depends on self-regulation, much could be done to improve governance of
compliance when data travels across borders. Because each country has a different se