Statement of the Problem

As access to and use of the World Wide Web expanded, the market for personal information became global. Various countries and regions have established, or were in the process of establishing, data protection, data

The footnote format system followed the Association of Legal Writing Directors (ALWD) (4^thed.) Citation Manual as it is the closest to the unique South African legal citation system yet it was internationally recognized and consistent with the

comparative focus of this work. One exception was the citation of international sources for which ALWD was silent and somewhat ethnocentric (due to yet unpublished but projected manuals based on proprietary gain). In such situations, the author applied rules 20.3 and 20.5 of the BlueBook (18^thed.) system, which added country identification at the end of cases and statutes. Publication names are spelled out due to the international nature of the sources used. This standard is based on the APA (6^thed.) which is the behavior, policy, and social science standard in the US and the majority of the English speaking word. Journal titles are in italics as directed by my professor, the SA approach, and the APA standard. Copies of all electronically collected files are on file with the author. The vast majority of in-print journals and books are also on file with the author. When the intellectual property (IP) laws apply, the IP law will be applied. Generally, a copy of the cited books, book chapters, journals, journal articles, and electronic sources are on file with the Author.

Internet and intranet resources have been verified on a yearly basis. The UNISA School of Law has some unique standards which have been followed – like access or visit data.

security, and information privacy (DPSIP) laws. The international debate on privacy concerns was prominent. Business abuses were evident. Consumers wanted clearer protections.⁴

Existing data protection and information privacy laws were generally out-of-date, ignored, inadequate, or nonexistent. In 2008, David Weisbrot, the president of the Australian Law Reform Commission, documented the need for a reevaluation. He declared:

Recent advances in information, communication and surveillance technologies have created and intensified a range of privacy issues.

The internet, biometrics, digital phones and cameras, powerful computers and radio-frequency identification have all contributed to making it easier, cheaper and faster for government agencies and business organizations to collect, store and aggregate large amounts of personal and sensitive information.⁵

Integrated DPSIP laws administered by independent regulatory agencies are essential but lacking. The following ten findings substantiate the need for such laws:⁶

1. Behavioral science research showed DPSIP was essential to psychological, psychosocial, community, and cultural survival.

2. Independent surveys showed the majority of people in the selected countries wanted information privacy protection but were not receiving it. Behavioral science research showed that information privacy was vital to human and societal functioning.

4 William Mitting, Data Privacy Debate to Come to the Fore, Experts Say. (2009), at

http://www.printweek.com/digital/news/915730/Data-privacy-debate-to-fore-experts-say/ (last visited on 25 June 2012).

5 David Weisbrot, Technology-Neutral Privacy Principles Should Govern Rapidly Developing ICT. (2008, August 11), at http://www.alrc.gov.au/media/2008/mbn2.pdf (last visited on 11 August 2012).

6 The data supporting the first seven principles are documented in Chapter Two. The data for the rest of the points are found in the comparative legal standards chapters.

3. Personal information had become a valuable commodity that was easily acquired, accessed, stored, traded, transferred, and sold without permission or quality controls.

4. Governments and business organizations often failed to adequately address civil liberties, human rights, consumer protection, and personal property standards related to DPSIP. Because of the desire for control and their greed, governments and business also often failed in their duty to adequately protect and secure the data they held.

5. DPSIP practices violated analogous principles including informed consent, confidentiality, impact assessments, and audits.

6. Technological innovations received governmental approval and protection without there being any examination of information privacy, data protection, and data security assessments.

7. DPSIP violations threatened related legal principles and the security of individuals, businesses, and governments. The issues include asset protection, contract law, information control, intellectual property law, property laws, tort law, and privacy law conflicts.

8. Different national laws and regulatory approaches were inconsistent and often contradictory, making predictability often impractical.

9. Different national laws and regulatory approaches made DPSIP vulnerable to unauthorized use and abuse.

10. Different national laws and regulatory approaches made DPSIP violations and violators unaccountable.

The need for integrated DPSIP laws that these findings validate are well documented. David Holtzman⁷ studied issues of technology and privacy, finding seven technological sins against privacy, including the following: (1) the Sin of Intrusion, which is a violation of one’s physical and virtual spaces;

(2) the Sin of Latency, which includes the “excessive hoarding” of personal data; (3) the Sin of Deception, which includes the use of private data for

7David H. Holtzman, Privacy Lost: How Technology is Endangering your Privacy, (Jossey-Bass ed. 2006).

purposes other than those approved or consented to; (4) the Sin of Profiling, which is the mishandling of personal data (including data mining); (5) the Sin of Identity Theft, includes criminal theft, and also the sale of data without consent or adequate data security; (6) the Sin of Outing, which includes misuse of personal data and sharing data without permission; and (7) the Sin of Lost Dignity, which includes using personal data for social control and abuses by powerful sources, including businesses and governments.⁸ Holtzman concluded that as these sins harm individuals and society, privacy and data protection laws are required.