Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation

7. Safeguards

8. Openness

9. Individual Access

10. Challenging Compliance

Sources: BearingPoint, Office of the Privacy Commissioner of Canada

Law on the Protection of Personal Data Held by Private Parties--Mexico

What it covers: Published in July 2010, this Mexican law requires organizations to have a lawful basis--such as consent or legal obligation--for collecting, processing, using and disclosing personally identifiable information. While there is no requirement to notify processing activities to a government body, as in many European countries, companies handling personal data must furnish notice to the affected persons. Individuals must also be notified in the event of a security breach.

Link to the law (Spanish language):

Who it will impact: Mexican businesses, as well as any company that operates or advertises in Mexico or uses Spanish-language call centers and other support services located in Mexico.

Requirements/provisions: In addition to addressing data retention, the law also incorporates eight general principles that data controllers must follow in handling personal data:

* Legality

* Consent

* Notice

* Quality

* Purpose Limitation

* Fidelity

* Proportionality

* Accountability

Source: Information Law Group

European Union Data Protection Directive

What it covers: This 1995 European directive sets strict limits on the collection and use of personal data and demands that each member state set up an independent national body responsible for the protection of this data.

Link to the law:

Additional legislative documents and case law:

Who it impacts: European businesses, as well as non-European companies to which data is exported (see Safe Harbor Act, below).

Requirements/provisions: The directive incorporates seven governing principles:

1. Notice: Data subjects should be given notice when their data is being collected.

2. Purpose: Data should only be used for the purpose stated.

3. Consent: Data should not be disclosed without the subject's consent.

4. Security: Collected data should be kept secure from any potential abuses.

5. Disclosure: Data subjects should be informed as to who is collecting their data.

Originally published on CSO |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Join us:






Ask a Question