25
Individuals with Regard to the Processing of Personal Data and on
the Free Movement of Such Data.
4.2
Issues:
• Acceptability to Botswana of the Basic Principles established in the
OECD Guidelines Governing the Protection of Privacy and
Transborder Flows of Personal Data.
• Identifying sectors where highest priority should be placed in
ensuring that the framework and implementing systems meet
European Community standards for acceptability of receipt of
European personal data.
• Identifying the appropriate role for legislation and self-regulation
through industry codes of conduct to meet international standards
and the particular needs and capacities of Botswana.
• Identifying the role of Government and the institutional and
programme elements that will be necessary to implement legislation
and policy decisions dealing with the protection of personal privacy
and personal data.
• Specific issues of translation into statutory language include: how to
regulate secondary uses of personal data; degree to which
organisation should have to justify the relevance of data for specific
purposes; the circumstances in which “express” rather than
“implied” consent should be required; distinctions among collection,
use, and disclosure of information; exemptions for public security,
health protection, historical research, etc.
4.3
Discussion:
4.3.1 The protection of personal information13 first became a concern to
governments and citizens with the development of automatic data
processing and the potential to store vast quantities of information about
individuals, their lives, their interests, and their transactions. The
possibility of “data matching” and “data mining” of information that, by
itself, seems relatively innocuous but, when combined with other data,
gives a clear and intimate picture of an individual or a transaction further
raised concerns about the protection of personal privacy.
13
“Personal information” generally refers to information about an identifiable individual, that is,
one can identify to whom the information relates rather than information about an anonymous
person.
The U.K. Data Protection Act 1998 defines “sensitive personal data” as information as to racial
or ethnic origin, political opinions, religious or similar beliefs, membership in a trade union,
physical or mental health or condition, sexual life, commission or alleged commission of an
offence, or proceedings for any offence committed or alleged to have been committed and the
disposal of such proceedings.