INFORMATION MANAGEMENT LEGAL AND SECURITY ISSUES Andrzej Adamski 1. Introduction This section discusses the legal protection of information and the security issues of computer data and electronic information systems and is organised into four parts: First, it focuses briefly on the basic conceptual distinction between information and data, providing a basis of understanding of the primary object of legal and technical means of protection. Second, access to Government information will be discussed. Third, protection of personal data in the administration of criminal justice will be presented. Finally, security of data and network communications will be explored 2. Information and data: Legal Protection of information and data 2.1 Information and data Data is a formal representation of concepts, facts or instructions. Information is the meaning that data has for human beings. Data has, therefore, two different aspects: as potential information for human beings or as instructions meant for a compute Information is not material, but a process or relationship that occurs between a person's mind and some sort of stimulus Information, therefore, is a subjective notion that can be drawn from its objective representation which we call data Different information may be received from the same data. As in the various natural languages the same word may have different meanings, so in computer programming the same byte or set of digits(e.g. 01100010)may serve as a carrier of different content 2.2 Legal Protection of lnformation and data The new legal doctrine of information law and law on information technology recognises information as a third fundamental factor besides matter and energy. This concept realises that modern information technology alters the characteristics of information, especially by strengthening its importance and by treating it as an active factor that works without human intervention in automatic processing systems. In this new approach, it is obvious that the legal eval of corporeal and incorporeal(information)objects differs considerably Information, being an intangible and an entity that can be possessed, shared and reproduced by many, is not capable of being property as most corporeal objects do. Unlike corporeal objects, which are more exclusively attributed to certain persons, information is rather a public good. As such it must principally flow freely in a free society. This basic principle of free flow of information is essential for the economic and political system, as indispensable for the government's accountability and the maintenance of a democratic order A second difference between the legal regime of tangibles and intangibles is that the protection of information has not only to consider the economic interests of its proprietor or holder, but at the same time must preserve the interests of those, who are concerned with the contents of information-an aspect resulting in new issues of privacy protection a third difference originates from the vulnerability of data for manipulation, interception and erasure proprieties that constitute a major concern of computer security, and the criminal law provisions on computer crime 3. Access to government information
INFORMATION MANAGEMENT: LEGAL AND SECURITY ISSUES Andrzej Adamski 1. Introduction This section discusses the legal protection of information and the security issues of computer data and electronic information systems and is organised into four parts: First, it focuses briefly on the basic conceptual distinction between information and data, providing a basis of understanding of the primary object of legal and technical means of protection. Second, access to Government information will be discussed. Third, protection of personal data in the administration of criminal justice will be presented. Finally, security of data and network communications will be explored. 2. Information and Data: Legal Protection of Information and Data 2.1 Information and Data Data is a formal representation of concepts, facts or instructions. Information is the meaning that data has for human beings. Data has, therefore, two different aspects: as potential information for human beings or as instructions meant for a computer. Information is not material, but a process or relationship that occurs between a person=s mind and some sort of stimulus. Information, therefore, is a subjective notion that can be drawn from its objective representation which we call data. Different information may be received from the same data. As in the various natural languages the same word may have different meanings, so in computer programming the same byte or set of digits (e.g. 01100010) may serve as a carrier of different content. 2.2 Legal Protection of Information and Data The new legal doctrine of information law and law on information technology recognises information as a third fundamental factor besides matter and energy. This concept realises that modern information technology alters the characteristics of information, especially by strengthening its importance and by treating it as an active factor that works without human intervention in automatic processing systems. In this new approach, it is obvious that the legal evaluation of corporeal and incorporeal (information) objects differs considerably. Information, being an intangible and an entity that can be possessed, shared and reproduced by many, is not capable of being property as most corporeal objects do. Unlike corporeal objects, which are more exclusively attributed to certain persons, information is rather a public good. As such it must principally flow freely in a free society. This basic principle of free flow of information is essential for the economic and political system, as indispensable for the government=s accountability and the maintenance of a democratic order. A second difference between the legal regime of tangibles and intangibles is that the protection of information has not only to consider the economic interests of its proprietor or holder, but at the same time must preserve the interests of those, who are concerned with the contents of information - an aspect resulting in new issues of privacy protection. A third difference originates from the vulnerability of data for manipulation, interception and erasure - proprieties that constitute a major concern of computer security, and the criminal law provisions on computer crime. 3. Access to Government Information
3.1 From Secrecy to Openness In most countries, the disclosure of government documents is largely discretionary. Government agencies, at both the central and the local level, are rarely forthcoming with information unless it is in their interest. There are no general laws that provided a mechanism for public access enerally, access to government information can be defined as the availability for lon or coping of both records and recordings, possessed or controlled by a public authority. This mechanism came, for the first time in history, in the eighteenth century Sweden with the passage of the Act on Freedom of the Press (1766). After 1945 this regulatory approach was followed in other Scandinavian countries, in the United States(since 1996, when the Freedom of Information Act was enacted), and in several other countries. Among these are Australia, Canada, france, the Netherlands, and New Zealand. Some other countries have constitutional clauses relating to a right of access, but not lways transformative legislation The route by which the promotion of the rights of access to official information has become a strong political issue is varied. Initially, the public's right to government information had been found to be closely related to the concept of human rights. Because of its importance for democratic society, the public's right to information was even acknowledged to constitute a third generation of human rights, after the civil and political rights of the eighteenth century, and the economic and social rights of the first half of the twentieth century. As it was stressed in the Council of Europe Recommendation on"Access by the Public to Government Records and Freedom of Information":"A parliamentary democracy can function adequately only if people in general and their elected representatives are The most recent emphasis, however, is on the commercial rather than human rights aspect of public sector information. There is now a widespread recognition by the private sector of the commercial value of much govemment information. Large data sets, as land registers, company registers, demographic statistics, and topographic information (maps)are routinely produced as a by-product of the day-to-day functioning of public administration. Information is not an end in itself. Sound and comprehensive information is needed if government is to frame workable public policies, plan effective services and distribute resources fairly and equitably. Government information, therefore, constitutes a resource of considerable importance. The potential of such data for exploitation via the digital network was noted and 3.2 Impact of Computerisation Over the 1970s and 1980s, when computerisation of public sector information systems in the most developed countries was in its infancy, there were fears that government agencies would use computerisation as a technology of secrecy rather than a technology of freedom utional provisions relating to a general right of public access to official informatio found in Austria, Belgium, Estonia, Finlan Hungary, the Netherlands, Portugal, Romania and Spain 2 Council of Europe, Recommendation on"Access by the Public to Government Records and Freedom of Information", I February 1979, No854
3.1 From Secrecy to Openness In most countries, the disclosure of government documents is largely discretionary. Government agencies, at both the central and the local level, are rarely forthcoming with information unless it is in their interest. There are no general laws that provided a mechanism for public access. Generally, access to government information can be defined as the availability for inspection or coping of both records and recordings, possessed or controlled by a public authority. This mechanism came, for the first time in history, in the eighteenth century Sweden with the passage of the Act on Freedom of the Press (1766). After 1945 this regulatory approach was followed in other Scandinavian countries, in the United States (since 1996, when the Freedom of Information Act was enacted), and in several other countries. Among these are Australia, Canada, France, the Netherlands, and New Zealand. Some other countries have constitutional clauses relating to a right of access, but not always transformative legislation1 . The route by which the promotion of the rights of access to official information has become a strong political issue is varied. Initially, the public=s right to government information had been found to be closely related to the concept of human rights. Because of its importance for democratic society, the public=s right to information was even acknowledged to constitute a third generation of human rights, after the civil and political rights of the eighteenth century, and the economic and social rights of the first half of the twentieth century. As it was stressed in the Council of Europe Recommendation on AAccess by the Public to Government Records and Freedom of Information@: AA parliamentary democracy can function adequately only if people in general and their elected representatives are fully informed@ 2 . The most recent emphasis, however, is on the commercial rather than human rights aspect of public sector information. There is now a widespread recognition by the private sector of the commercial value of much government information. Large data sets, as land registers, company registers, demographic statistics, and topographic information (maps) are routinely produced as a by-product of the day-to-day functioning of public administration. Information is not an end in itself. Sound and comprehensive information is needed if government is to frame workable public policies, plan effective services and distribute resources fairly and equitably. Government information, therefore, constitutes a resource of considerable importance. The potential of such data for exploitation via the digital network was noted and encouraged. 3.2 Impact of Computerisation Over the 1970s and 1980s, when computerisation of public sector information systems in the most developed countries was in its infancy, there were fears that government agencies would use computerisation as a technology of secrecy rather than a technology of freedom. 1 Constitutional provisions relating to a general right of public access to official information are to be found in Austria, Belgium, Estonia, Finland, Hungary, the Netherlands, Portugal, Romania and Spain. _ 2 Council of Europe, Recommendation on "Access by the Public to Government Records and Freedom of Information", 1 February 1979, No.854 (1979). _
In fact, in some countries computerisation of government information had a strong impact on the way the right of public access has been interpreted by the authorities. For example, when new programming was necessary to extract information from computer systems, agencies and courts have sometimes held that such programming is analogous to record creation, and is therefore not required under the freedom of information laws, which only oblige to search for available records. There is a common feature of these laws to grant access only to information which is available or ca be made available through reasonable effort As electronic records became more common, the freedom of information laws proved to be less useful in the new environment. Because the wording of these laws usually provide access to paper records, an authority was not obliged to accommodate a requesters preference for access in an electronic form, for example a copy on computer tape or disk. There are well known, especially in the United States, cases of the Government's agency refusal of making computerised records available to the party concerned in their access Today, in the United States these definitional problems have successfully been solved, with the adoption of the Amendments Act on Electronic Freedom of Information of 1996. the government information maintained in electronic format has become accessible to the public on an equal footing with paper-based documents. Though, there are still some national legislations that do not allow requesters to obtain data in machine-readable format, the process of commercialisation of the public sector information is a present development both in the United States and most countries of Western Europe. Moreover, due to the traditional concept of the right of access, as a right to request the handing out of identified documents, the right to search for documents has so far not been a recognised part of the principle of public In view of the fast growing information networks, the powerful search engines, and, generally speaking, the retrieval possibilities of electronic information increase the significance of search rights as an integrated element of the traditional right of access New developments in hardware and software technology, as relational databases and hypertext, not only computer flexibility and responsiveness to unanticipated form of requests, but also make it easy to compile and information for network access. The cost in money and effort to share information is much lower. As a result, ccess to government information can be enhanced The most recent ever rating the tendency of making legal text databases freely available to citizens is a decision of the Swedish parliament to make its on-line legal information service(Rixlex)available to the public on a free of charge basis via the Internet. sThe Freedom of Information Act in the Electronic Age: The Statute is Not User Friendly", J.A. Grodsky. Jurimetrics Journal, 19, 1990 In the case National Security Archive v CIA, a public interest research group requested an index of previously released records by the CIA under FOIA. The plaintiff group asked for the data on a computer tape or disk so that the information could be scanned electronically more quickly than on paper. The agency refused, and instead it produced a 5,000 page print-out that made a stack three and a half feet, or about a meter, high. while the group argued that the size of the print-out made analysis practically impossible, the court held that the Cia had provided the information in a reasonably accessible form, and dismissed the complaint. The Swedish Act on Freedom of the Press states that an authority shall be under no obligation to make a recording for electronic data processing available in any form other than transcript, a paper print-out. The official reason for this restriction is to prevent the provided electronic copies from ing used for any unauthorised data registration that leads to an invasion of personal integrity
In fact, in some countries computerisation of government information had a strong impact on the way the right of public access has been interpreted by the authorities. For example, when new programming was necessary to extract information from computer systems, agencies and courts have sometimes held that such programming is analogous to record creation, and is therefore not required under the freedom of information laws, which only oblige to search for available records3 . There is a common feature of these laws to grant access only to information which is available or can be made available through reasonable effort. As electronic records became more common, the freedom of information laws proved to be less useful in the new environment. Because the wording of these laws usually provide access to paper records, an authority was not obliged to accommodate a requester=s preference for access in an electronic form, for example a copy on computer tape or disk. There are well known, especially in the United States, cases of the Government=s agency refusal of making computerised records available to the party concerned in their access4 . Today, in the United States these definitional problems have successfully been solved, With the adoption of the Amendments Act on Electronic Freedom of Information of 1996, the Government information maintained in electronic format has become accessible to the public on an equal footing with paper-based documents. Though, there are still some national legislations that do not allow requesters to obtain data in machine-readable format5 , the process of commercialisation of the public sector information is a present development both in the United States and most countries of Western Europe. Moreover, due to the traditional concept of the right of access, as a right to request the handing out of identified documents, the right to search for documents has so far not been a recognised part of the principle of public domain. In view of the fast growing information networks, the powerful search engines, and, generally speaking, the retrieval possibilities of electronic information increase the significance of search rights as an integrated element of the traditional right of access. New developments in hardware and software technology, as relational databases and hypertext, not only enhance computer flexibility and responsiveness to unanticipated form of requests, but also make it easy to compile and format information for network access. The cost in money and effort to share information is much lower. As a result, public access to government information can be enhanced. The most recent event illustrating the tendency of making legal text databases freely available to citizens is a decision of the Swedish parliament to make its on-line legal information service (Rixlex) available to the public on a free of charge basis via the Internet. 3 "The Freedom of Information Act in the Electronic Age: The Statute is Not User Friendly", J.A. Grodsky. Jurimetrics Journal, 19, 1990 4 _In the case National Security Archive v. CIA, a public interest research group requested an index of previously released records by the CIA under FOIA. The plaintiff group asked for the data on a computer tape or disk so that the information could be scanned electronically more quickly than on paper. The agency refused, and instead it produced a 5,000 page print-out that made a stack three and a half feet, or about a meter, high. While the group argued that the size of the print-out made analysis practically impossible, the court held that the CIA had provided the information in a reasonably accessible form, and dismissed the complaint. 5 _The Swedish Act on Freedom of the Press states that an authority shall be under no obligation to make a recording for electronic data processing available in any form other than transcript, a paper print-out. The official reason for this restriction is to prevent the provided electronic copies from being used for any unauthorised data registration that leads to an invasion of personal integrity
To facilitate this tendency, government information should be exempted from the copyright protection. For instance, the United States Copyright Act of 1976 explicitly provides that copyright protection is not available for any work of the United States Government. Article 4 of the Polish Copyright Act of 1994 excludes legislative acts, their official drafts, and other official documents and materials from the copyright protection. A number of other countries have adopted similar regulations'. The significance of the limitation on copyright for government information policy was not always appreciated, but its importance became clearer in recent years as digital data became commonplace. It simply implies that government information is public domain. Anyone may reprint a government document in any way d at any price. Any government data made public also may be used in any on-line information service without restriction 3.3 Openness vS Secrecy Public access to official information does not prevent the Government from protecting information from disclosure for their legitimate aims as stipulated by legal provisions In the United States, nine exemptions permit the withholding of records to protect legitimate government or private interests. Thus, national security information, trade secrets, law enforcement investigative files, personal data, pre-decisional documents, and other categories of government records can lawfully be denied to a FOIA requester. The early experience under the Act on Freedom of Information shows some negative consequences of this legislation for effective law enforcement. It was estimated that only 7 percent of the 30,000 FOIA requests received annually by the Department of Justice came from media and other researchers. Many requests came from persons who were obviously seeking improper personal advantage, including convicted offenders, organised crime people, drug traffickers, and persons in litigation with the United States who are attempting to use the FOla to circumvent the rules of discovery governments to combat crime was thought to be affected, mainly by a decline in the number of informant nd local contained in the rules of criminal or civil procedure. Consequently, the ability of the federal, state, an a highly detailed Swedish Secrecy Act contains 16 chapters and more than a hundred articles. They provide a specific requirements of damage to the interest concerned, as well as a maximum period of time during which secrecy applies. For example, where the protection of personal circumstances of individuals is concerned, usually a term of 50 or 70 years is applicable. With regard to secret information on matters of national defence or foreign relations a maximum period of 40 years has been established. In principle the restrictions laid down in the Secrecy Act mandatory in nature, ie if a restriction applies the authority involved must refuse access The legal nature of the restrictions based on secrecy interests differs among the various jurisdictions. In the United States of America, Denmark and France for example the limitations are not mandatory as is the case in Sweden and the Netherlands but are discretionary in nature. This means that if a restriction is applicable, the public authority concerned is under no obligation to give access to the information, but is nevertheless entitled to do so United States Copyright Act, 5105(1994). The prohibition on copyright protection for United States Government works is not intended to limit protection abroad. Thus, under the Copyright Act, the Federal Government can seek copyright for its information of other countries. or a not copyrighted as far as they are published officially( Law on Intellectual and Artistic Works, No 5846, art. 31). Speeches are not copyrighted in the scope of mass communications, otherwise they are copyrighted(art. 32). All other governmental works, such as reports, plans, maps, drawings Report of Attomey General's Task Force on Violent Crime of 17 August 1981. United States Department of Justice
To facilitate this tendency, government information should be exempted from the copyright protection. For instance, the United States Copyright Act of 1976 explicitly provides that copyright protection is not available for any work of the United States Government6 . Article 4 of the Polish Copyright Act of 1994 excludes legislative acts, their official drafts, and other official documents and materials from the copyright protection. A number of other countries have adopted similar regulations7 . The significance of the limitation on copyright for government information policy was not always appreciated, but its importance became clearer in recent years as digital data became commonplace. It simply implies that government information is public domain. Anyone may reprint a government document in any way and at any price. Any government data made public also may be used in any on-line information service without restriction. 3.3 Openness vs. Secrecy Public access to official information does not prevent the Government from protecting information from disclosure for their legitimate aims as stipulated by legal provisions. In the United States, nine exemptions permit the withholding of records to protect legitimate government or private interests. Thus, national security information, trade secrets, law enforcement investigative files, personal data, pre-decisional documents, and other categories of government records can lawfully be denied to a FOIA requester. The early experience under the Act on Freedom of Information shows some negative consequences of this legislation for effective law enforcement. It was estimated that only 7 percent of the 30,000 FOIA requests received annually by the Department of Justice came from media and other researchers. Many requests came from persons who were obviously seeking improper personal advantage, including convicted offenders, organised crime people, drug traffickers, and persons in litigation with the United States who are attempting to use the FOIA to circumvent the rules of discovery contained in the rules of criminal or civil procedure. Consequently, the ability of the federal, state, and local governments to combat crime was thought to be affected, mainly by a decline in the number of informants8 . A highly detailed Swedish Secrecy Act contains 16 chapters and more than a hundred articles. They provide a specific requirements of damage to the interest concerned, as well as a maximum period of time during which secrecy applies. For example, where the protection of personal circumstances of individuals is concerned, usually a term of 50 or 70 years is applicable. With regard to secret information on matters of national defence or foreign relations a maximum period of 40 years has been established. In principle the restrictions laid down in the Secrecy Act are mandatory in nature, i.e. if a restriction applies the authority involved must refuse access. 6 United States Copyright Act, '105 (1994). The prohibition on copyright protection for United States Government works is not intended to limit protection abroad. Thus, under the Copyright Act, the Federal Government can seek copyright for its information of other countries. 7 In Germany and Switzerland, for instance, legislation and jurisprudence is not copyrighted. The Italian law explicitly bars statutes, regulations, rulings and the like from being copyrighted by Italian Government, local authorities or a foreign one. In Turkey, legislation and jurisprudence are not copyrighted as far as they are published officially (Law on Intellectual and Artistic Works, No. 5846, art. 31). Speeches are not copyrighted in the scope of mass communications, otherwise they are copyrighted (art. 32). All other governmental works, such as reports, plans, maps, drawings etc. are copyrighted. 8 _Report of Attorney General=s Task Force on Violent Crime of 17 August 1981. United States Department of Justice. The legal nature of the restrictions based on secrecy interests differs among the various jurisdictions. In the United States of America, Denmark and France for example the limitations are not mandatory as is the case in Sweden and the Netherlands but are discretionary in nature. This means that if a restriction is applicable, the public authority concerned is under no obligation to give access to the information, but is nevertheless entitled to do so. Under
the Canadian Act on Access to Information the general rule is that exemptions are discretionary. There are, however, five mandatory exemptions in the Act that require the public authority involved to claim an exemption for certain types of records. The mandatory exemptions relate to information that was obtained in confidence from the government of a foreign state or from an international organisation of states, personal information as defined in the Privacy Act, trade secrets of a third party, financial, commercial, scientific or technical information that is confidential information supplied to a government institution by a third party, and information the disclosure of which is restricted by or pursuant to specific other statutes The mandatory nature of these exemptions is set aside in certain circumstances, in which the public authority may disclose the information. First, this applies if the organisation from which the information was obtained or the person to whom the information relates consents to the disclosure. Secondly, personal information under the control of a government institution may be disclosed even without the consent of the individual to whom it relates if the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure. Thirdly, financial commercial, scientific and technical information that is confidential, may be disclosed if such disclosure would be in th public interest as it relates to public health, public safety or the protection of the environment and, if such public interest in disclosure clearly outweighs in importance any financial loss or gain to, prejudice to the competitive position of or interference with contractual or other negotiations of a third party. The exemptions concerning international affairs defence and national security, law enforcement and investigations, safety of individuals, economic interests of Canada, and deliberative documents are discretionary From the above review it becomes clear that the right to access public information remains in conflict with othe ocial values and interests such as the efficiency in Government and the right to privacy. The reconciliation of these opposing values and interest should be provided by the legal instruments and can take different procedural forms, depending on the legal and constitutional system of the country concerned. Among legal tools available to protect privat terests in confidentiality there are data protection laws that appeared in most western legal systems in response to new challenges to privacy caused by expanded possibilities for personal data processing by new technologies 4. Data Protection in Computerisation in Criminal justice Computerisation of criminal justice has far-reaching implications for human values that are involved in the automatic processing of personal data. The fears that computerisation of criminal justice is able to induce are mainly related to the potentials for over-control of individuals, including the possible breaches of their privacy through misuse of sensitive data about them recorded in computer files 1. An application of increasingly sophisticated information gathering devices for surveillance ctivities may reduce the individual's sense of security and liberty I Accumulation of personal data in various databases connected throughout computer networks would make possible the creation of personality profiles or so-called computer shadows of the data subject i Susceptibility of computerised information systems for an unauthorised access to data stored and their possible abuses have constituted another cause of concern I Use of information provided by centralised computer systems or sectors of the population who have no opportunity to inspect the accuracy of the info affect the legal position of the data subject in a way being harmful for their civil liberties 4.1 Data Protection Legislation and International Standards with information technology an individual may become transparent for the data controllers. To prevent such a possibility data protection legislation has been initiated in several countries. For the first time in Sweden(1973), and subsequently in over 20 other countries of Western Europe, North America and Australia. The underlying idea of nake it possible for the individual to ex over the one's own data that is collected and used by others. There is a positive feedback between the national legislation
the Canadian Act on Access to Information the general rule is that exemptions are discretionary. There are, however, five mandatory exemptions in the Act that require the public authority involved to claim an exemption for certain types of records. The mandatory exemptions relate to information that was obtained in confidence from the government of a foreign state or from an international organisation of states, personal information as defined in the Privacy Act, trade secrets of a third party, financial, commercial, scientific or technical information that is confidential information supplied to a government institution by a third party, and information the disclosure of which is restricted by or pursuant to specific other statutes. The mandatory nature of these exemptions is set aside in certain circumstances, in which the public authority may disclose the information. First, this applies if the organisation from which the information was obtained or the person to whom the information relates consents to the disclosure. Secondly, personal information under the control of a government institution may be disclosed even without the consent of the individual to whom it relates if the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure. Thirdly, financial, commercial, scientific and technical information that is confidential, may be disclosed if such disclosure would be in the public interest as it relates to public health, public safety or the protection of the environment and, if such public interest in disclosure clearly outweighs in importance any financial loss or gain to, prejudice to the competitive position of or interference with contractual or other negotiations of a third party. The exemptions concerning international affairs, defence and national security, law enforcement and investigations, safety of individuals, economic interests of Canada, and deliberative documents are discretionary. From the above review it becomes clear that the right to access public information remains in conflict with othe social values and interests such as the efficiency in Government and the right to privacy. The reconciliation of these opposing values and interest should be provided by the legal instruments and can take different procedural forms, depending on the legal and constitutional system of the country concerned. Among legal tools available to protect private interests in confidentiality there are data protection laws that appeared in most western legal systems in response to new challenges to privacy caused by expanded possibilities for personal data processing by new technologies. 4. Data Protection in Computerisation in Criminal Justice Computerisation of criminal justice has far-reaching implications for human values that are involved in the automatic processing of personal data. The fears that computerisation of criminal justice is able to induce are mainly related to the potentials for over-control of individuals, including the possible breaches of their privacy through misuse of sensitive data about them recorded in computer files: 1. An application of increasingly sophisticated information gathering devices for surveillance activities may reduce the individual=s sense of security and liberty; I Accumulation of personal data in various databases connected throughout computer networks would make possible the creation of personality profiles or so-called computer shadows of the data subject; I Susceptibility of computerised information systems for an unauthorised access to data stored and their possible abuses have constituted another cause of concern; I Use of information provided by centralised computer systems on large sectors of the population who have no opportunity to inspect the accuracy of the information held, may also affect the legal position of the data subject in a way being harmful for their civil liberties. 4.1 Data Protection Legislation and International Standards With information technology an individual may become transparent for the data controllers. To prevent such a possibility data protection legislation has been initiated in several countries. For the first time in Sweden (1973), and subsequently in over 20 other countries of Western Europe, North America and Australia. The underlying idea of protection of personal data is to reverse the above tendency and make it possible for the individual to exercise control over the one=s own data that is collected and used by others. There is a positive feedback between the national legislation