An international perspective on protecting personal information.

• Author: Beckles, Cherri-Ann

Records and information management professionals have a key role to play in safeguarding the privacy of personal information. The challenge is keeping up with rapidly changing, intrusive technologies and in step with the legislation that often lags behind them.

The need for privacy as a public policy arose and augmented in the second half of the 20th century with the emergence and use of information and communications technologies (ICTs) to collect, store, and share personal data, which is defined by the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data as "any information relating to an identified or identifiable individual (data subject)."

With profound changes in the advancement and utilization of technology and a shift from manufacturing to providing knowledge-based services, ICTs became central in both the public and private sector, facilitating the widespread distribution of information--including personal data--that could be stored, manipulated, and exchanged more easily than ever before. The expansion of state powers and the institutionalization of information over the last 50 years through more complex technology-based record-keeping systems gave rise to the need to control access to and the use of personal data.

Records and information management (RIM) practitioners, who are likely to deal with vast amounts of personal data captured in records, have a key role in ensuring compliance with privacy and data protection legislation and policies relevant to recordkeeping within their jurisdictions. They must be proactive in managing information privacy in all recordkeeping systems by becoming conversant with relevant legislation and designing RIM program policies and procedures that ensure that their organizations' records are secured against the unwarranted disclosure and abuse of their internal and external customers' personal data.

Defining Privacy

There is no universal consensus on the meaning of privacy, which encompasses diverse concerns, including the right to be left alone; the right to be free from government surveillance, intrusive police, or other searches, wiretapping, or persistent journalists; and the right to be allowed to make private personal decisions.

The definition of privacy changes according to space (location) and time. Universally, notions of anonymity and security are often associated with privacy. However, the definition that is most relevant to RIM is that privacy is the right for a "living and identifiable" individual to have some control over the collection, storage, and disclosure of his or her personal information held by governmental agencies, financial institutions, medical facilities, educational institutions, and other public and private entities.

In many jurisdictions, privacy is considered a fundamental human right. Yet, it is evident that privacy is not an absolute right and may be denied for what may be considered a greater purpose. For example, with the increase in terrorism on a global scale, the call for improved national security in some jurisdictions has led to what some consider a sacrificing of privacy. However, it is in the interest of governmental agencies to collect personal information about citizens' earnings and income for tax collection purposes and to collect census...