(1 ) The Social Justification Principle. The collection of personal data should be for a general purpose and specific uses which are socially acceptable.
(2) The Collection Limitation Principle. The collection of personal data should be restricted to the minimum necessary and such data should not be obtained by unlawful or unfair means but only with the knowledge or consent of the data subject or with the authority of law.
(3) The Information Quality Principle. Personal data should, for the purposes for which they are to be used, be accurate, complete and kept up to date.
(4) The Purpose Specification Principle. The purpose for which personal data are collected should be specified to the data subject not later than at the time of data collection and the subsequent use limited to those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
(5) The Disclosure Limitation Principle. Personal data should not be disclosed or made available except with the consent of the data subject, the authority of law, or pursuant to a publicly known usage of common and routine practice.
(6) The Security Safeguards Principle. Personal data should be protected by security safeguards which are reasonable and appropriate to prevent the loss of, destruction of, or unauthorized use, modification, or disclosure of the data.
(7) The Openness Principle. There should be a general policy of openness about developments, practices, and policies with respect to personal data. In particular, means should be readily available to establish the existence, purposes, policies, and practices associated with personal data as well as the identity and residence of the data controller.
(8) The Time Limitation Principle. Personal data in a form that permits identification of the data subject should, once their purposes have expired, be destroyed, archived, or de-identified.
(9) The Accountability Principle. There should be, in respect of any personal data record, an identifiable data controller who should be accountable in law for giving effect to these principles.
(10) The Individual Participation Principle. An individual should have the right (a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; (b) to have communicated to him, data relating to him (i) within a reasonable time, (ii) at a charge, if any, that is not excessive, (iii) in a reasonable manner, and (iv) in a form that is readily intelligible to him; (c) to challenge data relating to him and (i) during such challenge to have the record annotated concerning the challenge, and (ii) if the challenge is successful, to have the data corrected, completed, amended, annotated, or if appropriate, erased; and (d) to be notified of the reasons if a request made under paragraphs (a) and (b) is denied and to be able to challenge such denial.
SOURCE: P. D. Grub and S. R. Settle, "Transborder Data Flows: An Endangered Species?" in P. D. Grub, F.. Ghadan, and D. Khambata (eds.), The Multinational Enterprise in Transition, Third Edition (Princeton, NJ: The Darwin Press, 1986), 280-281. Reprinted by permission.
Closely linked to national sovereignty is the issue of vulnerability to foreign influence. This concern is more acute in the developing countries, which may perceive an MNC's ability to collect and transmit vast amounts of data about the country's economic and political performance as a threat to their national security. The fear is that an unsolicited change agent is undermining the country's pursuit of self-reliant development. But developed countries are not invulnerable, either. France recognized very early the importance of information technology. In a clear expression of economic nationalism, a report to the French government made the following points:
(1) The "informatization" of society will have serious consequences for France, socially, economically, and culturally.
(2) Foreign firms must not be allowed to be instruments of foreign (primarily U.S. ) dominance.
(3) Post, Telephone, and Telegraph (PTT) administration should be restructured so that the telecommunications portion can be redirected to work more closely with other high-technology agencies.
(4) Mastery of component technology is as important as nuclear mastery for national independence. 1
Some other reasons for regulating transborder data flow are as follows:
(1) Expenditures for expensive foreign-made communications equipment have a negative effect on the country's balance of payments.
(2) Allowing data to be processed outside the country "exports" jobs.
(3) Lack of data-processing opportunities within the country deters hardware and software development, thereby making the country dependent on foreign technology.
(4) The national and cultural values of the country may be undermined by cultural and political messages coming from other countries.
(5) Allowing other countries easy and quick access to information could give the enemy an advantage in time of war. 2
Legislative constraints on the flow of data have tremendous implications for MNC management, as they affect every management function from choosing the appropriate entry strategy to managing human resources 3 .POTENTIAL IMPACT OF DATA FLOW LEGISLATION outlines some of the potential effects of data-flow regulations.
- 1046 reads
