Transborder Data Flow and Its Guidelines
Introduction:
Rapid technological developments in the field of information, computers and
communications are leading to significant structural changes in the economies of member
countries. Flows of computerized data and information are an important consequence of
technological advances and are playing an increasing role in national economies. Networks
that link systems between countries are called international networks or global area
networks (GANs). However, international telecommunications comes with special problems. In
addition to requiring sophisticated equipment and software, global area networks must meet
specific national and international laws regulating transborder data flow. Some countries
have strict laws restricting the use of telecommunications and databases, making normal
business transactions such as payroll costly, slow, or even impossible. Other countries
have few laws restricting the use of telecommunications and databases. Laws and
regulations governing TBDF may differ among countries through which the data flows.
The Data Processing Management Association (DPMA) stands strongly in favor of every
individual's right to information privacy. Transborder Data Flow (TBDF), sometimes
called International Information Flow (IIF), is the flow of data (electronically encoded
information) across the national borders of two or more countries. Most commonly, the
sender is in one country and the receiver of the data is in another. DPMA encourages its
members to advance the free flow of information internationally. This will improve economic
conditions, expand business opportunities and increase employment in both sending and
receiving countries.
Guidelines:
Further, DPMA suggests that firms engaged in TBDF adopt the following guidelines:
- Proprietary and copyrighted information should not be transmitted across national
borders unless the rights to do so have been obtained, or it is within the same operation.
- Data that has been obtained by means not acceptable under the laws of all countries that
it crosses should not be transmitted.
- Personal data (any information relating to an identified or identifiable individual)
that is transmitted should be relevant to the purposes for which it is to be used and, to
the extent necessary for those purposes, should be accurate, complete and kept
up-to-date.
- Personal data received shall not be disclosed, made available or otherwise used for a
purpose other than that for which it was collected, except by authority of law.
- Personal identifying information should not be included in the transmitted data if the
identity of individuals is not pertinent to the use of data.
- Where the identity of individuals, such as address and other related information, is
pertinent to the use of data, DPMA recommends separate transmission of the identifying data
with unique keys and the remaining data with the same keys, so that the data can be combined
by the receiver. Where that is not practical, or as an additional level of security, DPMA
recommends encryption or other security encoding of the data to prevent its unauthorized
use and to reduce its value if intercepted.
- There should be limits to the collection of personal data and any such data should be
obtained by lawful and fair means and, where appropriate, with the knowledge or consent of
the data subject.
- Personal data should be relevant to the purposes for which they are to be used, and, to
the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
- Personal data should be protected by reasonable security safeguards against such risks
as loss or unauthorized access, destruction, use, modification or disclosure of data.
- Records of juvenile, misdemeanor, and non-conviction arrest data should not be
transmitted except for legitimate law enforcement purposes.
- Both the transmitting and receiving parties are obliged to obey all the pertinent
privacy and data transfer laws of each nation the data passes through.
- Data processing management should maintain an awareness of TBDF issues and activities in
the countries between which the firm regularly transmits data.
- There should be a general policy of openness about developments, practices and policies
with respect to personal data. Means should be readily available of establishing the
existence and nature of personal data, and the main purpose of their use, as well as the
identity and usual residence of the data controller.
- An individual should have the right to obtain from a data controller, to have communicated
to him.
- Member countries should take into consideration the implications for other Member
countries of domestic processing and re-export of personal data.
- Member countries should take all reasonable and appropriate steps to ensure that
transborder flows of personal data, including transit through a Member country, are
uninterrupted and secure.
- A data controller should be accountable for complying with measures which give effect to
the principles stated above.
- Member countries should avoid developing laws, policies and practices in the name of the
protection of privacy and individual liberties, which would create obstacles to
transborder flows of personal data that would exceed requirements for such protection.
- Member countries should work towards the development of principles, domestic and
international, to govern the applicable law in the case of transborder flows of personal
data.
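
The guideline above on sending identifying data and the remaining data separately under shared unique keys can be sketched as follows. This is an added example, not part of the DPMA guidelines; the field names, the constructed payroll records and the use of random 128-bit keys are assumptions.

```python
import secrets

# Assumption: the sender's policy decides which fields identify a person.
IDENTIFYING_FIELDS = {"name", "address", "national_id"}

# Constructed sample records (no field may itself be called "key").
SAMPLE = [
    {"name": "A. Example", "address": "1 Sample St", "national_id": "X-0001",
     "pay_grade": "G4", "gross_pay": 4100},
    {"name": "B. Example", "address": "2 Sample St", "national_id": "X-0002",
     "pay_grade": "G7", "gross_pay": 6350},
    {"name": "C. Example", "address": "3 Sample St", "national_id": "X-0003",
     "pay_grade": "G2", "gross_pay": 2900},
]

def split_records(records, identifying=IDENTIFYING_FIELDS):
    """Return (identity_stream, data_stream); matching rows share one random key."""
    identity_stream, data_stream = [], []
    for rec in records:
        # Random key: derived from nothing in the record, so it reveals nothing.
        key = secrets.token_hex(16)
        identity_stream.append(
            {"key": key, **{f: v for f, v in rec.items() if f in identifying}})
        data_stream.append(
            {"key": key, **{f: v for f, v in rec.items() if f not in identifying}})
    # Shuffle one stream so row position cannot be used to re-link the halves.
    secrets.SystemRandom().shuffle(data_stream)
    return identity_stream, data_stream

def recombine(identity_stream, data_stream):
    """Receiver side: join on key; report keys whose other half never arrived."""
    by_key = {row["key"]: row for row in identity_stream}
    combined, unmatched = [], []
    for row in data_stream:
        ident = by_key.pop(row["key"], None)
        if ident is None:
            unmatched.append(row["key"])  # data row without an identity row
            continue
        merged = {**ident, **row}
        del merged["key"]                 # the key is transport-only
        combined.append(merged)
    unmatched.extend(by_key)              # identity rows without a data row
    return combined, unmatched

if __name__ == "__main__":
    ids, data = split_records(SAMPLE)
    print(recombine(ids, data))
```

Each stream would still be encrypted in transit as the guideline recommends; that layer is left out here.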