Draft National Policy on Data Protection (2004)

The Draft National Policy on Data Protection was released for comment in November 2004 by the Ministry of Public Administration and Information (MPAI). According to the text,

The Data Protection Policy applies to all personal information collected, used or disclosed by private sector and public sector organizations in the course of commercial or government related activity. Key among the Data Protection Policy provisions are:

    organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information;

  • organizations must protect personal information with security safeguards appropriate to the sensitivity of the information; and
  • individuals may access personal information about themselves held by an organization and have it corrected, if necessary.

This Data Protection Policy is based on the North American Model and meant to be compliant with rigorous standards for the protection of personal data as outlined in the European Union’s Data Protection Directive and takes into consideration the objectives of fastforward while focusing on the need to be compliant with the target market laws on which we are focused including compliance with the US HIPAA Act.