With the advent of more and more complex and sometimes conflicting new laws governing data files and the confusion that is developing, we are experiencing delays in system design. Planning is becoming increasingly difficult and administrative costs are starting to increase .... The increased difficulty of managing the company, increased delays in reporting vital operating data, reduced market information, less effective means of evaluating personnel for promotion-all will be far more disruptive to productivity and effective operation than the added out-of-pocket costs.
Multinational computer/communications systems must often be redesigned or restructured in accordance with the new nationally imposed procedures for handling information. Requirements may include all or some combination of the following: (1) the registration of personal data files with a central regulatory authority; (2) limits on data collection to clearly defined purposes; (3) access to data files by subjects and / or governmental authorities for purposes of inspection and (4) sufficient security precautions to prevent unauthorized access to data bases.
While some firms may already have a mechanism in place, others may need to establish "an effective arm of organization to set and implement data security and privacy policy."
Multinational firms generally accept the central objective of data privacy protection legislation, which many feel is simply an extension of existing corporate policy. Their major concern involves the effects of overlapping (and often conflicting) national laws, as well as the wider impact the new regulations will have on corporate information flows. Because multinationals operate on a global basis, they are highly visible and, as a consequence, feel more vulnerable for the following reasons:
(1) MNCs operating in any country with data protection laws may be obliged to extend compliance to every country where they have operations, resulting in communications with a much higher degree of transparency than would otherwise be normal or acceptable for the firm.
(2) Licensing or registration requirements legitimize government supervision and scrutiny of corporate information systems. Further, registering the patterns and destinations of flows within their organizations to comply with private rules may expose much wider corporate policies and practices.
(3) The right of access by data authorities to corporate data processing operations for security safeguards checks may lead to disclosure of nonpersonal data, since name-linked data may not be segregated from other types of data; even the disclosure of personal information may involve a great deal of related collateral information of a proprietary nature.
SOURCE: Grub and Settle, 'Transborder Data Flows," p. 285. Reprinted by permission.
- 1026 reads
