Monday, 30 August 2010

Legislation for informational privacy in Namibia

The ability to save information on a computer (for example in the central register) will also necessitate new legislation to be promulgated. These laws are especially necessary in our Information and Communication enabled society where information is stored on electronic retrieval systems.

Legislation for informational privacy

The Namibian Constitution states in Article 13 Privacy:
“(1) No persons shall be subject to interference with the privacy of their homes, correspondence or communications save as in accordance with law and as is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the protection of health or morals, for the prevention of disorder or crime or for the protection of the rights or freedoms of others.”

The Constitution thus guarantees only “Physical Privacy”. The storage of personal and business information (“Informational Privacy”) must have legislation that will prevent misuse of this information. In addition, the individual in Namibia must be able to access any, and all, information that is stored by the state (public institutions).

There are thus things that are needed to guarantee informational privacy:
1. Data Protection Act;
2. Privacy and Electronic Communications Regulations;
3. Freedom of Access to Information Act

Data Protection Act
The Data Protection Act gives you the right to know (access) the information being held on you. It also sets certain key principles that anyone who handles personal information must comply with. The Act also establishes an Information Commissioner. The data covered is any information which can be used to identify a living person. This includes names, birthdays, addresses and other contact details. It only refers to information stored on computers.

The key principles of the Act must include:
• Data may only be used for the specific purpose that it was collected;
• Data may not be shared with others without permission of the individual whom such information is about – unless there is a legitimate reason;
• It is illegal for other parties to obtain this information without permission;
• Individuals have the right to the information about them subject to certain conditions;
• Personal information should not be kept longer than necessary;
• All businesses that collect personal information must register with the Commissioner; and
• Incorrect information must be corrected when it is brought to the attention of the data storage business.

Privacy and Electronic Communications Regulations
These regulations must control the people that wish to send out electronic direct marketing, for example email and text messages (SMS). Individuals have the right to refuse unsolicited marketing messages (“junk mail”) by fax, phone email and text message. Companies and organisations have the right to refuse marketing messages by phone or fax.

A register needs to be created to store the individuals and companies that refuse to receive such marketing messages.

Freedom of Access to Information Act
The Constitutions states in Article 95 Promotion of the Welfare of the People:
“… (e) ensurance that every citizen has a right to fair and reasonable access to public facilities and services in accordance with the law;”

This Act must give the individual the right to obtain information being held by the state (public institutions) unless there are good reasons that such information should be kept confidential. These institutions include government departments, regional and local government as well as schools. (The access to information held by private institutions is expected to be covered by the Data Protection Act.)