Legislation and Data Privacy Regulations

Posted in Data Privacy by Team on April 17th, 2008

Everyone is talking about data privacy regulations. I thought it would be a good idea to share some of the data protection related legislation worldwide. It is not an exhaustive representation.

1. California legislation SB-1386:

Any agency, person or business that conducts business in California and owns or licenses computerized ‘personal information’ is required to disclose any breach of security to any resident whose unencrypted data is believed to have been disclosed.

2. Gramm-Leach-Bliley:

The Financial Modernization Act of 1999, also known as the “Gramm-Leach-Bliley Act” or GLB Act, includes provisions to protect consumers’ personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

3. Health Insurance Portability and Accountability Act (HIPAA):

The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals’ privacy rights to understand and control how their health information is used.

4. EU Regulation (27 Member States) - Personal Data Protection Directive:

The EU Directive on Data Protection (DDP) of 1998 is a framework that stipulates the minimum data protection legislation EU member countries must have in place. The legislation is intended to protect the rights of EU citizens regarding the processing of their personal data. Any organization doing business in one or more EU countries must comply with the national data privacy legislation of each member country in which it operates.

5. Canadian Regulation - Personal Information Protection and Electronic Documents Act:

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) ensures the protection of personal information. The PIPEDA applies to “any work undertaking or business that is under the legislative authority of Parliament.” Organizations must protect personal information regardless of the format by:

Developing and implementing a security policy.

Using appropriate security safeguards, including physical measures, technological tools (passwords, encryption, firewalls and anonymizing software) and organizational controls.

Removing or masking any personal information that has no relevance when providing copies of information.

6. UK Regulation - Data Protection Act:

The Data Protection Act (DPA) of 1998 applies to UK residents and UK-based organizations. It requires that all personal information, even data not stored in computerized systems, be protected from abuse and secured from unauthorized access. The DPA requires that data controllers take appropriate technical and organizational measures to prevent unauthorized or unlawful processing or disclosure of personal data. Data must be protected during storage, transport, transition and update.

7. Australia Regulation - Privacy Amendment Act of 2000:

The Privacy Amendment (Private Sector) Act 2000, which amended the Privacy Act 1988, came into effect on 21 December 2001, establishing a national scheme to regulate private sector organisations’ handling of personal information.

The legislation, as amended, was designed to bring Australia into line with international standards on personal information and to instil confidence in how Australian businesses handle personal information. The Government also aimed to address concerns about the development and take-up of online business and eCommerce.

8. Japan Regulation - The Personal Information Protection Act:

Japan enacted the Personal Information Protection Act (JPIPA) in 2003 to protect individuals’ rights and personal information while preserving the usefulness of information technology and personal information for legitimate purposes. The law establishes responsibilities for businesses that handle personal information for citizens of Japan and outlines potential fines and punishments for organizations that do not comply. The act requires businesses to communicate their purpose in collecting and using personal information. They must also take reasonable steps to protect personal information from disclosure, unauthorized use or destruction.

9. Hong Kong Regulation - The Personal Data (Privacy) Ordinance:

The Personal Data (Privacy) Ordinance (‘Privacy Ordinance’) sets out a number of strict obligations and restrictions for dealing with an individual’s personal data.

‘Personal data’, as covered by the Privacy Ordinance, includes any information about a living individual, so long as that information includes some data which would allow the individual to be identified. Personal data must include data from which it is reasonably practicable to ascertain the identity of the person. It includes paper documents, microfilm, audio tapes, video tapes, and computer files.

10. Argentinean Regulation - Law for the Protection of Personal Data:

The purpose of this Act is the full protection of personal information recorded in data files, registers, banks or other technical means of data treatment, either public or private, for purposes of providing reports, in order to guarantee the honor and intimacy of persons, as well as the access to the information that may be recorded about such persons.

11. Industry Privacy Standard - Payment Card Industry Data Security Standard (PCI DSS):

The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover, JCB, MasterCard and Visa International, to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.