[Previous] [Next] [Title]

Appendix 1. Questionnaire on Data Protection for Legal Persons

Part 1: Rationale for Protection

1(a). What was the original rationale for the decision that your country's data protection legislation would provide express and specific protection for data on legal persons? For example, was protection of data on legal persons viewed primarily as an end in itself or merely as a means of providing more complete protection for natural/physical persons?

1(b). Has the rationale for protecting data on legal persons through the use of data protection legislation changed since the legislation came into force? If yes, how has it changed?

1(c). Was the original decision to protect data on legal persons made as an outcome of a detailed and systematic study of the "privacy" or data protection needs of legal persons? If not, has such a study been undertaken in the meantime?

1(d). If protection of legal person data was/is viewed by your country's relevant authorities as an end in itself, have they also been of the opinion that legal persons have or should have a legal right to "privacy"?

1(e). Has there been any discussion in your country about using data protection legislation as a means of better protecting the confidentiality of companies' trade secrets and business "know-how"?

Part 2: Problems of Protection

Access rights

2(a). Have there been any instances of companies using the information access rights provided under data protection legislation to find out what sort of information about them is held by their business competitors or by public sector institutions? If yes, please provide brief details about the number of these instances, the kinds of cases involved, and the consequences these instances have had.

2(b). Have there been any complaints from business groups and companies that the information access rights provided under your country's data protection legislation have been exploited by their competitors to the extent that these competitors have learned important confidential information about their business strategies and "know-how"? If yes, have these complaints been substantiated?

2(c). Have there been any cases where inspection records, put together after your office/organization has carried out data protection audits, have been disclosed under freedom of information legislation? If yes, please provide details. If no, does your country's freedom of information legislation allow for such disclosure to occur?

Transborder data flows (TBDF)

2(d). Has protection of legal person data under your country's data protection legislation brought about any problems in relation to TBDF? If yes, what sort of problems?

Organizational burdens

2(e). Has the application of data protection laws to data on legal persons in addition to data on natural/physical persons resulted in a major increase in administrative expense and procedures for private sector record-keepers and/or for public sector record-keepers?

2(f). Has the application of data protection laws to legal person data in addition to data on natural/physical persons resulted in a much-increased workload for your office/organisation? Has it meant that your office/organisation has less time and resources for ensuring that data on natural/physical persons are sufficiently protected?

2(g). Has your office/organisation come across any problems associated with the protection of legal person data under data protection legislation which are not highlighted in the above questions? If yes, please give details.

2(h). Has your office found that many information files contain data on both legal and natural persons, and that it is difficult to differentiate between these two types of data? If yes, please give details.

Part 3: General Issues

3(a). Has there been much public debate in your country over the appropriateness of applying data protection laws to data on legal persons in the same way as to data on natural/physical persons?

3(b). Do you think it is likely that your country's data protection legislation will be amended in the near future so that it only protects data on natural/physical persons?

3(c). Has there been any pressure from, say, business groups to amend your country's data protection laws so that these only protect physical person data?

3(d). Is there any concrete evidence to suggest that inclusion of legal person data in your country's data protection legislation has offered increased protection to natural/physical persons?

3(e). Is there any concrete evidence to suggest that inclusion of legal person data in your country's data protection legislation has offered increased protection to legal persons?

3(f). In your opinion, to what extent are legal persons aware of the provisions of your country's data protection legislation?


[Previous] [Next] [Title]