paivi@vipunen.hut.fi (Paivi Helena Hyvarinen Ti-88) (03/26/91)
Well, to further spurr on the discussion about personal information control and protection of one's personal life, junk mail et al.: In Finland we have a law (Tietosuojalaki) that specifically gives anyone and everyone: 1) The right to personally or through an ombudsman control what is written about them in any and all organizational registers (companies customer registers, all kinds of membership registers, employer's and pension registers, marketer's registers, credit registers etc. etc. - private registers like my phone book don't count), once a year for free and even more often if one covers the company's or official's expenses. The cases where an ombudsman acting on the behalf of the individual is required are few, only the registers of our Security Police and, in certain cases (when still under acute therapy) one's psychiatric history. 2) The right to have any and all wrong, lacking, unnecessary or old information corrected in all of these without any charge. 3) The right to deny the use of one's information for some given purposes, typically direct advertising (junk mail etc.) Also, the organizations gathering information must obey some rules about them: 1) The data collected must be directly needed for the functions of that organization. For ex. the tax authorities have no right to collect information about your school grades. A shopping mall has no right to register in which other places you shop, how many kids you have or the like. 2) The data must be kept as safe as humanly possible, so that no one can wrongfully access and exploit it. 3) When data is collected about someone, they must be informed (either give it themselves or get notified). When the information is used, for ex. a direct mail campaign, the source of the information must be stated clearly. 4) All registers have to be registered themselves by our Data Protection Ombudsman's office, the Data Protection Bureau. You are not allowed to have an oragnizational register without notifying the Bureau. 5) Sensitive data can only be gathered with written permission from the Ombudsman. (medical and family history, facts about race, religion, political views etc.) 6) When the data has been used for the intended purpose it must be destroyd in a safe manner. So the register that was used in one direct mail campaign can't be used in another, it must be collected again. These are not all the details of the law, but I guess you get the picture. "Prtotect the small (individuals, families) from the big (the governement and companies)". After this law was passed in our parlament, every household in Finland got a very well written leaflet about the new law, telling us what new rights we now have and giving examples of how to enforce them. If any problems occur, the Data Protection Ombudsman has the right and the obligation to take legal action on the behalf of any person or group that feels that their right to data protection, i.e. control over the information about them has been violated. She also has the right to act on her own, protecting the "general good" of the society, a complaint from the public is not absolutely necessary. This official has already got our courts to stop several unlawful gatherings of information both governemental and commercial and personally I respect her and her office very much. They seem to be doing a great job. The best thing is, that even though I can't personally check what our Security Police has on me, I can ask her to control if they have a file on me (she will tell me yes or no) and, if there is one, that the info in these few protected registers is actually needed, correct and non-partial. Personally, after this law came to power I have received a letter from the nation-wide credit register (Finland is so small that there only is one) telling that I am in their register and what it says there (I couldn't have guessed that I was listed there otherwise - I didn't even know a company by that name existed. I got registered there because I have a credit card). I have also recently asked a mail ordering company to stop selling my name further (the things we got offered never seemed to be of any use) - no problem at all, they agreed at once in a friendly manner. Now I don't know how Americans view their governemental powers, sivil cervants et al., but in Finland the public very much feels that there are "good officials" and "bad officials". The Data Protection Bureau definitively belongs among the good guys and does a good job in protecting us from the bad guys (the police is one example, they have among other things been required to let go of registering old minor fellonies' prosecutions that did not lead to conviction). Even though "more laws" in general is bad, I'm darn glad this one came to be. Just my $.02 (or 10 penni, if you so wish :-) Paivi @ Paivi Hyvarinen, systems analyst (part time) @ Paivi.Hyvarinen@hut.fi @ @ User Services Section @ @ @ Computing Centre, Helsinki Univ. of Technology @ Voice: 358 + 0 - 451 4316 @ @ Otakaari 1 M, SF-02150 Espoo, Finland @ Reception: U133 Thu 10-12 @