Table 2 Data protection laws in some of the countries

From: Big healthcare data: preserving security and privacy

| Country | Law | Salient features |
| --- | --- | --- |
| USA | HIPAA Act; Patient Safety and Quality Improvement Act (PSQIA); HITECH Act | Requires the establishment of national standards for electronic healthcare transactions. Gives the right to privacy to individuals from age 12 through 18. Signed disclosure from the affected before giving out any information on provided healthcare to anyone, including parents. Patient Safety Work Product must not be disclosed [63]. An individual violating the confidentiality provisions is subject to a civil penalty. Protects the security and privacy of electronic health information. |
| EU | Data Protection Directive | Protects people’s fundamental rights and freedoms, and in particular their right to privacy with respect to the processing of personal data [64]. |
| Canada | Personal Information Protection and Electronic Documents Act (‘PIPEDA’) | Individual is given the right to know the reasons for collection or use of personal information, so that organizations are required to protect this information in a reasonable and secure way [65]. |
| UK | Data Protection Act (DPA) | Provides a way for individuals to control information about themselves. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects. |
| Morocco | The 09-08 act, dated 18 February 2009 | Protects one’s privacy through the establishment of the CNDP authority by limiting the use of personal and sensitive data using the data controllers in any data processing operation [66]. |
| Russia | Russian Federal Law on Personal Data | Requires data operators to take “all the necessary organizational and technical measures required for protecting personal data against unlawful or accidental access”. |
| India | IT Act and IT (Amendment) Act | Implement reasonable security practices for sensitive personal data or information. Provides for compensation to a person affected by wrongful loss or wrongful gain. Provides for imprisonment and/or fine for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of a lawful contract. |
| Brazil | Constitution | The intimacy, private life, honor and image of the people are inviolable, with assured right to indemnification for material or moral damage resulting from its violation. |
| Angola | Data Protection Law (Law no. 22/11 of 17 June) | With respect to sensitive data processing, collection and processing is only allowed where there is a legal provision allowing such processing and prior authorization from the APD is obtained. |