Page 310 - DMGT308_CUSTOMER_RELATIONSHIP_MANAGEMENT
P. 310

Unit 12: Customer Privacy




          heavy handed enforcement, many of the countries in South East Asia have preferred the light  Notes
          handed self-regulator. However, as noted above, the core principles are by and large common
          amongst the countries and as described in  legislature, some of the common principles for
          privacy legislations may be enumerated below:
          (i)  Notice

          (ii)  Choice and Consent: Consent of the individual before his personal information is collected
               and maintained.
          (iii)  Collection Limitation: Only that information is to be collected that is  essential for the
               purpose.
          (iv)  Use Limitation: Information is to be strictly used for the purpose for which it was collected.
          (v)  Access and Correction: An individual should be allowed access to his information and he
               should be enabled to correct/update his information.
          (vi)  Security: Data is to be secured against accidental loss or theft.
          (vii) Disclosure to third party: Individual’s consent is required for disclosure of his personal
               information to third parties.
          (viii) Openness: The data controller would be transparent in his working as regards the collection
               and use of personal data.
          (ix)  Accountability
          (x)  Preventing Harm: to the individual whose personal information is  being stored by the
               private or government entity. It is recommended that these principles be adopted for the
               proposed framework also.

          12.1.13 Proposed Framework for Privacy Legislation

          Based  on  the  above a  framework  is  being  outlined  in  subsequent  paragraphs.  The  key
          recommendation is that the legislation should really be in the form of framework rather than
          detailed prescriptions.
          It should highlight the basic principles that any data controlling authority will need to subscribe
          to and how the privacy rights of an individual would be protected. Thereafter the sector-specific
          or industry specific detailed guidelines will be prepared and approved by the regulator which
          would also be responsible for enforcing the legislation. The specified features of the framework
          are discussed below in detail:


          Applicability
          Almost all data protection legislations have a well defined applicability clause, determining the
          persons who have to comply with the obligations set out therein. Of the statutes examined, 5%
          are  applicable  only to  public bodies  and  3%  are  applicable  only  to  private  persons.  An
          overwhelming majority (92%) of the countries reviewed have made their enactments applicable
          to both public and private entities. Most legislations exclude from the ambit of the legislation,
          information that is solely in the domestic or household sphere and for strictly personal reasons.

          Recommendation

          It is strongly recommended  that the proposed data  protection legislation apply equally  to
          private as well as public entities.




                                           LOVELY PROFESSIONAL UNIVERSITY                                   305
   305   306   307   308   309   310   311   312   313   314   315