Is Bangladesh ensuring citizens' confidentiality?
More often than not, when we think of ourselves as private individuals, as citizens of Bangladesh and as consumers, we think about what we purchase through a physical exchange of money for goods or services, ranging from things as simple as fruit or grain to home appliances to cable television, either in a store or through an online exchange where we enter our credit card information and receive our purchase. Certain services that we, as citizens, use may, by their very nature, put an extraordinary amount of sensitive personal information into the hands of vendors. Typical examples include hospitals, banks and telecommunications.
The Organisation for Economic Co-operation and Development (OECD) guidelines drafted in 1980 provided a useful set of 'fair information practices' against which the confidentiality of citizens may be evaluated. Briefly, the major principles declared were: 1) there should be limits to the collection of data, 2) data should be accurate and relevant to the purpose for which it is collected, 3) there should be openness about data policies and changes thereof and 4) the individual should be able to find out if data is being held about him, to obtain a copy of the data and to make corrections.
The European Union (EU) data protection directive is another broad instrument, designed to protect the confidentiality of all personal data of EU citizens collected and used for commercial purposes, specifically as it relates to processing, using, or exchanging such data. It established a broad regulatory framework which sets limits on the collection and use of personal data, and requires each Member State to set up an independent national body responsible for the protection of data. In the United States of America (USA) the most comprehensive act for citizens is the Fair Credit Reporting Act (FCRA), which was passed in 1970. Enforcement of the Act is vested in the Federal Trade Commission. The FCRA applies to how citizens' information is collected and used, and applies to insurance, employment, and other non-credit transactions.
In India, broadly, there are four potential avenues for the protection of citizens' confidentiality. Firstly, individual organizations may voluntarily commit to protect the information of their clients through “Confidentiality Policies”. Secondly, certain professions and industries have codes of confidentiality that they must statutorily abide by. Thirdly, citizens' confidentiality may be enforced by the specialised Consumer Dispute Tribunals. Lastly, the newly amended Information Technology Act imposes an obligation on anyone controlling data to indemnify against losses caused by the leakage or improper use of that data.
The International Guide to Confidentiality suggests that the following be included in confidentiality policies: a description of the personal information collected by the website and third party; a description of how the information is used and a list of parties with whom it may be shared; a list of the options available regarding the collection, use, sharing and distribution of the information; a description of how inaccuracies can be corrected; a list of the websites that are linked to the organization's site and a disclaimer that the organization is not responsible for the confidentiality practices of other sites; a description of how the information is safeguarded against loss, misuse, and alteration; and consent for the use of personal information.
In Bangladesh, the Information and Communication Technology Act included a relief to people when a breach of confidentiality is occasioned by the leakage of data from computerised databases. In categorising what is not open, the Right to Information Act clarified that no information which would harm the confidentiality of the personal life of an individual needs to be disclosed. The Consumer Protection Act, enacted with the objective of providing better protection of the interests of citizens, has emerged as a major source of possible relief to those who have suffered violations of their confidentiality.
It is important to consider some salient questions when looking at an effective protective regime for citizens' confidentiality: a) is comprehensive data protection more suited to the needs of Bangladesh? b) does Bangladesh want to become compliant with international standards for data protection? c) how will confidentiality policies be enforced and how will organizations be held accountable for the protection of client confidentiality under the legislation? d) will citizens be notified if their information is breached? If so, what will be included in the breach notification? e) how can legislation ensure that citizens are aware of their confidentiality rights? and finally f) how can confidentiality legislation address the need for different levels of protection for different types of data?
The writer is a lawyer and socio-legal analyst.