Information privacy law or data protection laws prohibit the disclosure or misuse of information about private individuals. Over 80 countries and independent territories, including nearly every country in Europe and many in Latin America and the Caribbean, Asia, and Africa, have now adopted comprehensive data protection laws
- For all data collected there should be a stated purpose.
- Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual
- Records kept on an individual should be accurate and up to date
- There should be mechanisms for individuals to review data about them, to ensure accuracy. This may include periodic reporting
- Data should be deleted when it is no longer needed for the stated purpose
- Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited
- Some data is too sensitive to be collected, unless there are extreme circumstances