solution - dp
Institutions, public or private, that generate and process personal data must:
- be subject to rigorous regulations providing them with standards on how to handle any data they process;
- be compelled to be transparent;
- be subject to checks and balances;
- respect the rule of law.
There are a number of a basic principles upheld by widely recognised codes, practices, decisions, recommendations, and policy instruments which provide the framework for effectively regulating the processing of personal data. In addition, an independent regulator or authority must be appointed to ensure the law protection law is enforced, and it must have the mandate and resources to conduct investigations, act on complaints and impose fines when they discover an organisation has broken the law.
Furthermore, recognising the need for multi-disciplinary nature of such mechanisms, technological measures from the conception phase to the processing of data are necessary to support the regulatory framework to ensure the security and safety of the data and infrastructure on why the practice relies as well as minimise data generation and collection, to mathematically restrict further data processing, to assuredly limit unnecessary access, amongst other privacy measures. Such measures should be adopted by both companies and governments.
Finally, with new opportunities arising with advancements in technology and data generation and processing, we are also exploring how these new practices are pushing the boundaries of current regulatory frameworks and using this evidence base to identify their limits and what further regulatory and security safeguards and mechanisms must be established to ensure the protection of the right to privacy of individuals.