International Privacy Resources || International Privacy Rules | International Privacy Laws | International Privacy Regulations

February 6th, 2010 Leave a comment Go to comments

International Privacy Laws and International Security Breach Laws

Supra-national Organizations

Asia-Pacific Economic Cooperation (APEC)
1. Privacy Framework (PDF)
Asia-Pacific Privacy Charter Council (APPCC)
Association Francophone des Autorités de Protection des Données Personnelles (Francophone Association of Data Protection Authorities AFAPDP)
Central and Eastern Europe Data Protection Authorities (CEEP)
Council of Europe(CE) + European Union (EU)
1. Directive ETS 108 – Convention for Protection of Individuals with regard to Automatic Processing of Personal Data
2. Directive ETS 181 – Additional Protocol to the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data Regarding Supervisory Authorities and Transborder Data Flows
3. Directive ETS 185 – Convention of Cybercrime
4. Decisions on the Adequacy of the Protection of Personal Data in Third Countries
5. Directive 1995/46/EC
6. Directive 1997/66/EC – Telecommunications Sector
7. Regulation 45/2001 (PDF)
8. Directive 2002/58/EC
  1. Directive 2009/xx/EC – Directive Codifying ePrivacy for the Telecommunications Sector. (PDF, temporary number and name)
9. Directive 2006/24/EC
10. European Data Protection Supervisor (EDPS)
Ibero-American Data Protection Network (RIPD)
1. International Privacy Law Library
Organisation for Economic Co-operation and Development (OECD)
1. Guidelines for the Security of Information Systems Information and Networks
2. Report on the Cross-Border Enforcement of Privacy Law (2006, in PDF)
Schengen Convention (Schengen)
1. Schengen Joint Supervisory Authority (JSA)
United Nations (UN) Economic and Social Commission for Western Asia (ESCWA)
1. Models for Cyber Legislation in ESCWA Member Countries Guide Document (PDF)
2. Guidelines for the regulation of computerized personal data files ( A/RES/45/95)
European Privacy Association

International Privacy Laws and National Breach Laws

Afghanistan/ Afġānistān / Afġānestān (not while being wholly owned and operated)
1. None Found
Albania (CE185, CE)
1. Law No. 8517 on the Right to Information and Protection of Personal Data
Algeria / Shqipëria
1. None Found
Andorra / Principat d'Andorra (CE)
1. Agència Andorrana de Protecció de Dades (ADPD, in Spanish)
Angola
Antigua and Barbuda
1. Barbuda is a Semi-Autonomous Territory
Argentina
1. Dirección Nacional de Protección de Datos Personales (DNPDP, in Spanish)
  1. Decree 995/2000 (Translated)
  2. Regulation 1/2003 – Data Protection Infringements and Penalties (Translated)
  3. Provision 11/2006 – Security Measures for Maintenance of Personal Data (Spanish PDF)
  4. Link to Regulations (In Spanish)
2. Protection of Personal Data Law (In Spanish)
Armenia / Հայաստան / Hayastan (Member CE, CE185)
1. Law on Personal Data / ԱՆՀԱՏԱԿԱՆ ՏՎՅԱԼՆԵՐԻ ՄԱՍԻՆ (Translated PDF)
Aruba (generally administered from Holland)
Australia (Member OECD)
1. Office of the Privacy Commissioner
2. Federal Privacy Act (1988)
  1. With Amendments up to August 2009
3. Telecommunications Act (1997)
4. States and Regions:
  1. Australian Capital Territory
    1. Health Records (Privacy and Access) Act 1997
    2. Human Rights Act 2004
  2. New South Wales Privacy Commissioner
    1. Privacy and Personal Information Protection Act Number 133 1998 (with Amendments to July 2009)
    2. Privacy and Personal Information Protection Regulation 2005 (with Amendments to January 2009)
    3. Health Records and Information Privacy Act 2002 (HRIPA)
    4. Health Records and Information Privacy Code of Practice 2005
  3. Office of the Northern Territory Information Commissioner
    1. Information Act (July 31, 2009)
  4. Queensland
  5. South Australia
    1. No specific legislation found
  6. Tasmania
    1. Personal Information Protection Act 2004
  7. Victoria Privacy Commissioner – Privacy Victoria
    1. Information Privacy Act 2000
  8. Western Australia
    1. No specific legislation found
5. Other Territories:
  1. Christmas Island
  2. Cocos / Keeling Islands
Austria / Österreich (Member EU, OECD, Schengen, CE)
1. Österreichischen Datenschutzkommission (DSK, Data Safety Commission, in German)
2. Data Protection Act (DSG 2000, translated)
  1. Notice: Austria has state/canton laws relating to Privacy for each entity
Azarbaijan / Azərbaycan (Member CE)
1. Law on Information, Informatization and Protection of Information 1998 (Source not found)
Bahamas
1. Data Protection (Privacy of Information) Act (2003, PDF)
Bahrain
1. None Found
Bangladesh / বাংলাদেশ
Barbadus
Belarus / White Russia / Беларусь (Despotic Regime)
1. Law Of The Republic Of Belarus On Information, Informatization and Protection of information
Belgium / België / Belgique / Belgien (Member EU, OECD, Schengen, CE)
1. Act for the Protection of Private Data Files
2. Commission de la Protection de la Vie Privée (CPVP/CPP/CBPL, Commission for the Protection of Private Life, in French)
Belize
Benin / Bénin
Bhutan / Druk Yul
Bolivia / Estado Plurinacional de Bolivia / Bulibiya / Wuliwya
Bosnia and Herzogovina / Bosna i Hercegovina / Босна и Херцеговина (Member CE)
1. Including The Republika Srpska / Република Српска
2. Law on The Protection of Personal Data (Translated PDF)
Botswana / Lefatse la Botswana
Brazil
1. Law 9472 on Telecommunications (Portuguese PDF)
Brunei Darusallam
Bulgaria / България (Member EU, Schengen (not implemented), CE, CE185, CEEP)
1. Комисията за защита на личните данни (CPDP, Commission for the Protection of Personal Data, in Bulgarian)
2. Law on Protection of Personal Data (In Bulgarian)
3. Rule 1 on the Minimum Level … Measures and … Data Protection (in Bulgarian)
Burkina Faso / Upper Volta
Burundi / Uburundi
Cambodia
Cameroon / Cameroun
Canada
1. Office of the Privacy Commissioner
2. Privacy Act
3. Identity Theft Act (Formerly Known as S-4, PDF)
4. Personal Information Protection and Electronic Documents Act (PIPEDA)
5. States:
  1. Information and Privacy Commissioner of Alberta
    1. Personal Information Protection Act
    2. Health Information Act (PDF)
  2. Information and Privacy Commissioner for British Columbia
    1. No current law noted on Privacy in the Private Sector
  3. Manitoba Ombudsman's Office Access and Privacy Division
    1. Personal Health Information Act (PHIA)
  4. New Brunswick Office of the Ombudsman
    1. No current law noted on Privacy in the Private Sector
  5. Information and Privacy Commissioner for Newfoundland and Labrador
    1. No current law noted on Privacy in the Private Sector
  6. Information and Privacy Commissioner of the Northwest Territories (Generally coordinated with Nunavut, below)
  7. Freedom of Information and Protection of Privacy Review Office of Nova Scotia
    1. Privacy Review Officer Act (PRO, 2008, took effect Sep 2009)
    2. Freedom of Information and Protection of Privacy Act (FOIPOP, 1993, as amended 1999, 2004, 2007)
  8. Information and Privacy Commissioner of Nunavut / ᑲᒥᓴᓇ ᐃᒻᒥᒃᑰᖅᖢᓂ ᑲᒪᔨᓐᖑᖅᑎᑕᐅᓯᒪᕗᖅ ᓄᓇᕗᑦ / Naunaipkainiq
    Tuhaqtipkailinirmutlu Kamisina
    1. No current law noted on Privacy in the Private Sector
  9. Information and Privacy Commissioner of Ontario
    1. Personal Health Information Protection Act (PHIPA)
  10. Information and Privacy Commissioner of Prince Edward Island
    1. No current law noted on Privacy in the Private Sector
  11. Commission d'Accès à l'Information du Québec (Quebec Commission on Information Access)
    1. Respecting the Protection of Personal Information in the Private Sector Act (Translated)
  12. Office of the Information and Privacy Commissioner for Saskatchewan (OPIC)
    1. Freedom of Information and Protection of Privacy Act (PDF)
    2. Local Authority Freedom of Information and Protection of Privacy Act (PDF)
    3. Health Information Protection Act (PDF)
    4. Privacy Act (PDF)
  13. Ombudsman and Information and Privacy Commissioner of the Yukon
    1. No current law noted on Privacy in the Private Sector
Cape Verde / Cabo Verde
Central African Republic / République Centrafricaine / Ködörösêse tî Bêafrîka
Chad / Tchad / Tshād
Chile
1. Ley Sobre Protección de la Vida Privada (Law for the Protection of Private Life, in Spanish)
China / 中华人民共和国 (Peoples' Republic of)
1. None Found for Mainland
2. Regions:
  1. Guangxi
  2. Inner Mongolia
  3. Ningxia
  4. Xinjiang
  5. Tibet (Not Included Here)
3. Special Administrative Regions (SAR)
  1. Macao
    1. Personal Data Protection Act (2006) (PDF, unofficial English Translation)
    2. Gabinete para a Protecção de Dados Pessoais / 個人資料保護辦公室 / Office for Personal Data Protection
  2. Hong Kong, Special Administrative Region, People's Republic of China
    1. Office of the Privacy Commissioner for Personal Data
      1. Chapter 486 – Personal Data (Privacy) Ordinance
4. Also Claim Taiwan, Not Included Here.
Colombia
1. Note: Including the Archipelago of San Andrés, Providencia and Santa Catalina
Comoros / Union des Comores / al-Ittiḥād al-Qumuriyy
Congo (Democratic) / République Démocratique du Congo / Zaire / Belgian Congo / Zaïre
Congo (Republic) / République du Congo / Repubilika ya Kongo / Republiki ya Kongó
Cook Islands / Kūki 'Āirani , Includes:
1. Atiu / Enua Manu / Island of Birds
2. Ma'uke / Akatokamanava
3. Mitiaro / Nukuroa
4. Aitutaki / Araura Enua
5. Mangaia / Auau Enua
6. Rarotonga / Tumutevarovaro)
7. Avarua
8. Palmerston Island / Pamati
9. Manuae
10. Takutea
11. Winslow Reef
12. Manihiki / Te Fuinga O niva
13. Nassau
14. Penrhyn Island / Tongareva / Mangarongaro
15. Pukapuka /Te ulu o te watu
16. Rakahanga / Tapuahua
17. Suwarrow / Suvorov
18. Tema Reef
19. Note: Generally administered with New Zealand
Costa Rica
Croatia / Republika Hrvatska (Member CE, CE185, CEEP)
1. Agencije za Zaštitu Osobnih Podataka (Personal Data Protection Agency, in Croat)
2. Personal Data Protection Act (PDDA) (Translated PDF)
3. Amendements to PDDA (Translated PDF)
4. Regulation on Keeping Patients Records (Translated PDF)
5. Regulation on Storage of Personal Data (Translated PDF)
Cuba (Despotic Regime)
1. None Found
Cyprus / Κυπριακή Δημοκρατία / Kypriakí Dimokratía / Kıbrıs Cumhuriyeti (Member EU, Schengen (not implamented), CE, CE185)
1. Γραφείου Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα (Office of the Commissioner for Personal Data Protection, in Greek)
2. Processing of Personal Data (Protection of the Individual) Law (Translated PDF)
3. Amendment to Law (Translated PDF)
Czech / Česko (Member EU, OECD, Schengen, CE, CEEP)
1. Úřad pro Ochranu Osobních Údajů (UOOU) (The Office for Personal Data Protection, in Czech)
2. Act 101 on The Protection of Personal Data (Consolidated version, translated PDF)
Denmark (Member EU, OECD, Schengen, CE, CE185) (Rose noble Danskere)
1. Datatilsynet (Danish Data Protection Agency, in Dansk)
2. Act on Processing of Personal Data (Translated)
Djibouti / Jumhūriyyat Jībūtī / Jamhuuriyadda Jabuuti / République de Djibouti
Dominica
Dominican Republic
East Timor / Democratic Republic of Timor-Leste / Repúblika Demokrátika Timór Lorosa'e / República Democrática de Timor-Leste
1. Including Atauro / Kambing Island, Jaco / Jako Island, Oecussi-Ambeno,
Ecuador
Egypt / Mişr
1. None Found
El Salvador
Equatorial Guinea / Guinea Ecuatorial / Ecuatorial Guyana / Guinée Équatoriale / Guiné Equatorial
Eritrea / ኤርትራ / Ertra
1. None Found
Estonia / Eesti (Member EU, Schengen, CE, CE185, CEEP)
1. Andmekaitse Inspektsioon (Data Protection Inspectorate)
2. Personal Data Protection Act (Translated RTF)
Ethiopia/ ኢትዮጵያ / Ityop'iya
1. None Found
Fiji / Matanitu ko Viti / फ़िजी) (Despotic Regime)
Finland (Member EU, OECD, Schengen, CE)
1. Dataombudsmannens Byrå (The Offiice of the Data Protection Ombudsman, in Finnish)
2. Personal Data Act (Translated, Original Act)
3. Act on the amendment of the Personal Data Act (Translated RTF)
4. Act on the Protection of Privacy in Working Life (APPWL, translated PDF)
5. Amendments to APPWL (in Finnish)
France (Member EU, OECD, Schengen, CE, CE185)
1. Commission Nationale de l'Informatique et des Libertés (CNIL, Data Protection Authority, in French)
2. Loi Informatique et Libertés (Information and Freedom Law, 1978, in French)
3. Loi pour la Confiance dans l'économie Numérique (Confidence in the Digital Economy Law, 2004, modifying the 1978 law, above, in French)
4. Note: French Regions (régions d'outre-mer), sometimes administered as part of the French Republic, include:
  1. French Guiana / Guyane (EU)
  2. Guadeloupe / Gwadloup / குவாதலூப்பே (EU, But not a part of Schengen)
  3. Martinique (EU)
  4. Reunion/ Réunion / Île Bourbon / றியூனியன் (EU)
5. Note: French Overseas Collectives (collectivités d'outre-mer), generally administered as part of the French Republic, include:
  1. Corsica / La Corse (almost as autonomous as a French Region)
  2. French Polynesia / Polynésie Française (semi-independent parliament), including:
    1. Ahe / Ahemaru / Omaru
    2. Bora-Bora / Bollabolla / Pora Pora
    3. Hiva Oa
    4. Huahine (2 islands)
    5. Maiao (2 islands)
    6. Maupiti
    7. Mehetia / Meetia
    8. Morea / Aimeho / Aimeo / Eimeo / York Island
    9. Nuku Hiva / Nukahiva / Île Marchand / Madison Island
    10. Raiatea
    11. Tahaa / Oataha
    12. Tahiti
    13. Tahuata
    14. Tetiaroa
    15. Tubuai
    16. Tupai (and group)
    17. Rimatara
    18. Rurutu
  3. Mayotte / Maore / Mahori (will become a Department in 2011)
  4. Saint-Barthélemy / Sankt Barthelemy / Saint Barts (member EU)
  5. Saint-Martin (member EU)
  6. Saint-Pierre and Miquelon
  7. Wallis and Futuna / Territoire des îles Wallis et Futuna / Uveo mo Futuna
6. Note: Unique "Land" in the French system, administered as part of the French Republic (until 2014):
  1. New Caldeonia / Nouvelle-Calédonie / Kanak
7. Note: Unique "Territory" in the French system, administered as part of the French Republic:
  1. French Southern and Antarctic Lands / Terres Australes et Antarctiques Françaises (TAAF)
8. Note: Unique "Property" in the French system, administered as part of the French Republic:
  1. Clipperton Island
Gabon
Gambia
Georgia / საქართველო / Sak’art’velo (Member CE)
Germany / Deutchland (Member EU, OECD, Schengen, CE)
1. Bundesdatenschutzgesetz (BDSG, in German, 1990 Privacy Law )
2. Bundesdatenschutzgesetz (PDF, in German, 2006 Federal Data Protection Law)
3. Novellierung des BDSG in den Bereichen Adresshandel, Werbung und Datenschutzaudit (German PDF, 2008 Amendment of the Data Protection Act to address the areas of trade, advertising and data protection audit)
4. Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BFDI, The Federal Commissioner for Data Protection and Freedom of Information)
5. Regions:
  1. Landesbeauftragte für den Datenschutz Baden-Wüerttemberg (LFD, Baden-Wuerttemberg State Data Protection Bureau)
  2. Bayerischen Landesbeauftragten für den Datenschutz (Bayer State Data Protection Bureau)
  3. Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI, Berlin Commissioner for Data Protection and Freedom of Information)
  4. Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht Brandenburg (Brandenburg State Commissioner for Data Protection and Access to Information for Data Protection and Access to Information)
  5. Landesbeauftragten für Datenschutz und Informationsfreiheit der Freien Hansestadt Bremen (LDA, State Bureau for the Protection of Data and Freedom of Information of the Free Hanseatic Bremen)
  6. Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (Hamburger Commission for Data Protection and Freedom of Information)
  7. Hessischen Datenschutzbeauftragten (Hesse Data Protection Bureau)
  8. Landesbeauftragte für den Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern (State Bureau for the Protection of Data and Freedom of Information of Mecklenburg-West Pommerania)
  9. Landesbeauftragte für den Datenschutz Niedersächsen (Niedersachsen State Commissioner Data Protection Bureau)
  10. Landesbeauftragten für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI, North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information)
  11. Landesbeauftragte für den Datenschutz Rheinland-Pfalz (Rhineland-Palatinate State Bureau for the Protection of Data)
  12. Landesbeauftragte für Datenschutz und Informationsfreiheit Saarland (State Bureau for the Protection of Data and Freedom of Information of Saar)
  13. Sächsische Datenschutzbeauftragte (Saxony Commissioner for Data Protection)
  14. Landesbeauftragte für den Datenschutz Sachsen-Anhalt (Saxony-Anhalt State Commission for Data Protection)
  15. Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (Independent Centre for Privacy Protection Schleswig-Holstein)
  16. Thüringer Landesbeauftragten für den Datenschutz (TLFD, Thuringia State Commission for Data Protection)
Ghana
1. None Found
Greece / Ελλάδα (Member EU, OECD, Schengen, CE)
1. Αρχής Προστασίας Δεδομένων Προσωπικού Χαρακτήρα / Hellenic Data Protection Authority, in Greek)
2. Protection of Individuals with regard to the Processing of Personal Data (Translated PDF)
3. Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997 (Translated PDF)
4. Guidelines for Data Controllers
Grenada
Guatamala
Guernsey / Bailliage de Guernesey (UK Protectorate, not a part of the EU)
1. Data Protection Commissioner
  1. Notification Exemption Self-Assessment Guide
  2. Breach Notification Handbook (PDF)
2. Data Protection (Bailiwick of Guernsey) Law (PDF)
Guinea / Guinée
1. None Found
Guinea-Bissau / Guiné-Bissau / Portuguese Guinea
Guyana / British Guiana
Haiti / Haïti / Ayiti
1. None Found
Holland / Dutch / Netherlands / Nederland / Nederlanden /Hulanda / Ulanda (Member EU, OECD, Schengen, CE, CE 108)
1. College Bescherming Persoonsgegevens (College of Personal Data Protection, in Dutch)
  1. Guidelines for Personal Data Processors (English PDF)
  2. Privacy Audit Framework (English PDF)
  3. Privacy: Guidelines for the Workplace (Dutch PDF)
2. Wet Bescherming Persoonsgegevens (WBP, Personal Data Protection Act, Dutch PDF)
Honduras
Hungary / Magyarország (Member EU, OECD, CE, CE185, CEEP)
1. Protection of Personal Data et al Act
2. Data Protection (and Freedom of Information) Commissioner of Hungary
3. Excerpts from The Criminal Code, Section 177/A (Unjustified Data Handling) and Section 177/B (Misuse of Special Personal Data) (Translated)
Iceland / Island (Member OECD, Schengen, CE)
1. Persónuvernd (Data Protection Authority, in Icelandic)
  1. Rule 299/2001 – Security of Personal Data (Translated)
  2. Rights of Patients Act (Translated)
2. Act 77/2000 – The Protection of Privacy (In English)
India / भारत गणराज्य / Bhārat Gaṇarājya / ভাৰত / ભારત / ഭാരതം / ਭਾਰਤ / இந்தியா
1. Department of Information Technology
2. Information Technology Act of 2000 (See section 72)
3. IT Act Amendment of 2008 (PDF)
Indonesia
1. Law on Information and Electronic Transaction Number 11 (2008) – no source found
Iran (Despotic Regime)
1. None Found
Iraq (not while being wholly owned and operated)
1. None Found
Ireland / Éire (Member EU, OECD, CE, Schengen (only partially implamented))
1. Data Protection Commissioner
  1. Breach Notification Guidelines
  2. Guidelines for Private Sector Sharing of Personal Data
2. Data Protection Act (Original)
3. European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003
4. Informal Consolidation of the Data Protection Acts 1988 and 2003
Isle of Man / Ellan Vannin (Protectorate of the UK, not part of the EU)
1. Isle of Man Data Protection Supervisor
  1. Code of Practice for Privacy Notice (PDF)
2. Data Protection Act (PDF)
Israel / מדינת ישראל
1. הרשות למשפט, טכנולוגיה ומידע / Israeli Law and Information Technologies Authority (ILITA)
2. חוק הגנת הפרטיות (Defense of Privacy Law, including data, in Hebrew DOC) (translated DOC)
3. Communication Data Law (Criminal Law, Hebrew PDF)
Italy / Italia (Member EU, OECD, Schengen, CE)
1. Garante de la Protezione dei Dati Personali (Supervisor of Protection of Personal Information)
2. Code for the Protection of Personal Data (hard to believe, I know, but this is very complicated, half in Italian, half English, one third PDF)
3. Codice della Privacy Dlgs 196/2003 (Code for the Protection of Personal Data, hard to believe, I know, but this is very complicated, half in Italian, half English, one third PDF)
4. Law 675 (Italian, will eventually lead to a PDF)
Ivory Coast / Côte d'Ivoire
1. None Found
Jamaica
Japan / 日本 / Nippon / Nihon (Memeber OECD, CE185)
1. 内閣府 (Japanese National Cabinet, Personal Life Policy office)
2. Law on the Protection of Personal Information (Translated PDF)
Jordan / Al-Mamlakah al-Urdunniyyah al-Hāshimiyyah
1. None Found
Kazakhstan / Қазақстан / Qazaqstan
1. In June 2009 Kazakhstan passed and enacted one of the most anti-privacy laws around
Kenya
1. None Found
Kiribati / Gilbert Islands
Kuwait
1. None Found
Kyrgyzstan / Кыргыз Республикасы / Kyrgyz Respublikasy / Кыргызская Республика / Kyrgyzskaya Respublika
Laos / ນລາວ
Latvia / Latvija (Member EU, CEEP)
1. Datu Valsts Inspekcija (State Data Inspectorate, in Litvak)
2. Personal Data Protection Law (Translated)
3. Regulation 40 – …Technical and Organizational Requirements for Protection of Personal Data Processing Systems (Translated)
Lebanon
Lesotho
Liberia
Libya (Despotic Regime)
1. None Found
Liechtenstein (Schengen (not implemented), CE)
1. Datensammlungen (DSS, Data Protection Directorate, in German)
Lithuania / Lietuva (Member EU, Schengen, CE, CE108, CE185, CEEP)
1. Valstybinė Duomenų Apsaugos Inspekcija (State Data Protection Inspectorate, in Lithuanian)
2. Law on the Ratification … Protection of … Automatic Processing of Personal Data (ETS108) (Translated DOC)
3. Code of Administrative Law Violations (In Lithuanian)
4. Law on Electronic Communications (Translated PDF)
5. Law on Legal Protection of Personal Data (Translated PDF)
6. Law on Legal Protection of Personal Data Amendment (Translated)
Luxemburg / Lëtzebuerg (Member EU, OECD, Schengen, CE)
1. Comm/ission Nationale pour la Protection des Données (CNPD, National Commission for Protection of Information, in French)
2. Data Protection Act (Translated PDF)
3. Data Protection and Electronic Communication Law (French PDF)
4. Regulation A-200 re:Data Protection Officers (French PDF)
Macedonia / Македонија / Makedonija (Not part of Greece. Former Yugoslav Republic, CE, CE185)
1. Directorate for Personal Data Protection (DPDP, in Macedonian)
2. Law on Personal Data Protection (ZZLP, Macedonian PDF)
Madagascar / Madagasikara
Malawi / Dziko la Malaŵi
Maldives / Divehi Rājje ge Jumhuriyyā
Mali
Malta (Member EU, Schengen, CE)
1. Office of the Data Protection Commissioner
  1. Note: Many Legal Notices Available Here
2. Data Protection Act (CAP 440, PDF)
Malaysia / மலேசியா / 马来西亚
Marshall Islands / Aorōkin M̧ajeļ (in Free Associate with the United States)
Mauritania/ Mauritanie
1. None Found
Mauritius / République de Maurice
1. Information and Communication Technologies Authority (ICTA)
2. Data Protection Act (DPA, PDF)
3. Computer Misuse and Cybercrime Act (PDF)
4. Information and Communication Technologies Act (ICATA, PDF)
Mexico / United Mexican States / México (Member OECD)
1. Mexico currently regulates only privacy to/from the Federal level. Private sector legislation does not yet exist.
Micronesia, Including
1. Chuuk
2. Kosrae
3. Pohnpei
4. Yap
Moldova (Member CE)
1. None Found
Monaco / Múnegu / Mónegue (Not member of Schengen, but generally administered as if it were, CE)
1. Commission de Contrôle des Informations Nominatives (Commission of Control of Personal Information, in French)
2. Protection of Personal Data Law (1.165, PPDL, French PDF)
3. Amendment to PPDL (1.353, French PDF)
Mongolia / Монгол улс / Mongol uls
Montenegro / Црна Гора / Crna Gora (Member CE)
Morocco / al-Maġrib
1. None Found
Mozambique/ Moçambique
1. None Found
Myanmar / Pyi-daung-zu Myan-ma Naing-ngan-daw / Burma (Despotic Regime)
Namibia/ Namibië
Nauru / Naoero
Netherlands Antilles / Nederlandse Antillen
1. None. The Antilles Are Not covered under Dutch Law.
2. Including:
  1. Bonaire
  2. Curaçao / Kòrsou
  3. Saba
  4. Sint Eustatius / Statia / Saint Eustace
  5. Sint Maarten
Nepal / नेपाल
New Zeland / Aotearoa (Member OECD)
1. Office of the Privacy Commissioner / Te Mana Matapono Matatapu
  1. Health Information Privacy Code (HIPC, PDF)
  2. Telecommunications Information Privacy Code (TIPC (no, not making it up), PDF)
2. Privacy Act Summary
3. Privacy Act
4. Also Includes
  1. The Dependent Territory of Tokelau
  2. Parts of the Antarctic Ross Ice Shelf
Nicaragua
Niger
Nigeria / Republik Nijeriya / Naigeria / Republik Federaal bu Niiseriya / Orílẹ̀-èdè Olómìnira Àpapọ̀ Naìjírìà
1. National Health Bill (PDF)
North Korea / Hanguk (really? Would you really expect something here?) (Despotic Regime)
1. None Found
Norway / Norge (Member OECD, CE, CE108, Schengen)
1. Datatilsynet (The Date Inspectorate, in Bokmål (Norsk))
2. Personal Data Act (Translated PDF)
3. Royal Regulations on the Processing of Personal Data (Translated PDF)
4. Personal Health Data Filing System Act (Including Processing of Personal Health Data, translated)
Oman
1. None Found
Pakistan
Palau / Pelwe / Beluu er a Belau
Panama / Panamá
Papua-New Guinea / Papua Niugini
Parguay / Paraguái
1. National Secretariat of State Reform
Peru / Perú
1. Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual / (INDECOPI, National Institute for the Defense of Competition and Intellectual Property Protection)
2. Ley que Regula las Centrales Privadas de Información de Riesgos y de Protección al Titular de la Información (Ley Nº 27.489, Law Regulating the Privacy of Information Risk and Protection of Information Owner Law No. 27,489) – no Source found.
Phillipines / Pilipinas / Filipinas
1. NONE
Poland / Polska (Member EU, OEC, CE, CES 108), Schengen, CEEP)
1. Generalnego Inspektora Ochrony Danych Osobowych (GIODO, Inspector General for Personal Data Protection, in Polish)
2. Protection of Personal Data Law (Polish PDF)
Portugal / Pertual(Member EU,OECD, Schengen, CE)
1. Comissão Nacional de Protecção de Dados (CNPD, National Commission for Protection of Data, in Portuguese)
  1. Law Creating CNPD (Portuguese PDF)
2. Law 67/1998 – Protection Personal Data and Information (Portuguese PDF)
3. Law 32/2008 – Retention of Electronic Communications Data (Portuguese PDF)
4. Law 41/2004 – Protection of Personal Data in Electronic Communications (Portuguese PDF)
5. Law 109/1991 – Information Crimes (Portuguese PDF)
6. Portugal also controls:
  1. The Azores
  2. Madiera
Qatar
Romania / România (Member EU, Schengen (not implemented), CE, CE185)
1. Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (The National Supervisory Authority For Personal Data Processing, in Romanian)
2. Notification Guide (Romanian)
3. Law no. 677/2001 (Translated PDF)
4. Law no. 682/2001 (Translated PDF)
5. Law no. 102/2005 (Translated PDF)
6. Law no. 55/2005 (Translated PDF)
7. Law no. 506/2004 (Translated PDF)
8. Emergency Ordinance no. 36/2007 (Translated PDF)
9. Law no. 298/2008 (Translated PDF)
Russia / Российская Федерация/ Russian Federation (Member CE, but NOT Ratified ETS 108)
1. Federal Act 24-FZ – Information, Informatization and Information Protection (Translated and now replaced by 149-FZ)
2. информации, информационных технологиях и о защите информации / Federal Act 149-FZ – Information, Information Technologies and Protection of Information (Russian)
3. Federal Act 15-FZ – "On Communication"
4. Federal Act 152-FZ – "On Personal Data" (Russian PDF)
5. Criminal Code Article 108: Violation of the Secrecy of Correspondence, Telephone Conversations, Postal, Telegraphic and Other Messages (Translated)
6. Russia Includes the Following Subject areas:
  1. Adygea
  2. Altai Republic
  3. Bashkortostan
  4. Buryatia
  5. Chechnya
  6. Chuvashia
  7. Dagestan
  8. Ingushetia
  9. Kabardino-Balkaria
  10. Kalmykia
  11. Karachay-Cherkessia
  12. Karelia
  13. Khakassia
  14. Komi
  15. Mari El
  16. Mordovia
  17. North Ossetia-Alania
  18. Sakha Republic
  19. Tatarstan
  20. Tuva
  21. Udmurtia
Rwanda
Saint Kitts and Nevis / Federation of Saint Christopher and Nevis / Saint-Christophe et Nevis
Saint Lucia / Sainte Lucie
Saint Vincent and the Grenadines
Samoa / German Samoa / Western Samoa / Malo Sa'oloto Tuto'atasi o Samoa / Sāmoa
San Marino (Member CE, but NOT Ratified ETS 108)
1. Office of the Guarantor for the Safeguard of Confidential and Personal Data
São Tomé and Príncipe / São Tomé e Príncipe
Saudi Arabia / as-Saʿūdiyyah / Roubah El-Hali
1. None Found
Senegal / Sénégal
1. None Found
Serbia / Србија / Szerbia (Member CE)
Seychelles / Sesel
Sierra Leon
Singapore / Singapura / 新加坡 / சிங்கப்பூர்
1. E-Commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce
Slovakia / Slovensko / Szlovákia (Member EU, OECD, Schengen, CE, CEEP)
1. Úrad na Ochranu Osobných Údajov (Office for Personal Data Protection, in Slovak)
2. Act 428/2002 – Protection of Personal Data (Translated PDF)
Slovania / Slovenija / Szlovénia (Member EU, CE, CE185)
1. Informacijski Pooblaščenec (IP-RS, Information Commissioner, in Slovan)
2. Personal Data Protection Act (Translated)
Solomon Islands
Somalia / Soomaaliya / As-Sūmāl (would it matter if there was a law?)
South Africa / Suid-Afrika / (CE185)
1. None Found
South Korea / Chosŏn (Member OECD)
1. Act on Promotion of Information and Communications Network Utilization and Data Protection (Translated PDF)
2. Korean Internet and Security Agency (KISA)
Spain / España / Espanya / Espainia (Member EU, OECD, Schengen, CE)
1. Agencia Española de Protección de Datos (AEPD, in Spanish)
2. Protection of Personal Data Law (Translated PDF)
3. Law 34/2002 – Information Society Services and Electronic Commerce (Translated PDF)
4. Law 41/2002 – Regulating Patient Data (Translated PDF)
5. Law 32/200 – State Telecommunications Act (Translated PDF)
6. Law 62/2003 – Modifying Data Protection Regulations (Translated PDF)
7. Regions and Districts:
  1. Datuak Babesteko Euskal Bulegoa / Agencia Vasca de Protección de Datos / Basque Agency for Protection of Data
    1. Ley 2/2004, de Ficheros de Datos de Carácter Personal de Titularidad Pública y de Creación de la Agencia Vasca de Protección de Datos (Law 2/2004 Regarding Protection of Data of Personal Nature, of Public Access, and The Creation of the Basque Agency of Data Protection, translated PDF)
    2. Ley Orgánica 15/1999, de Protección de Datos de Carácter Personal (LOPD, Law of Protection of Data of Personal Nature, in Spanish)
  2. Agencia Catalana de Protección de Datos / Catalan Agency for Protection of Data)
    1. Ley 5/2002, de la Agencia Catalana de Protección de Datos (Law (creating) of The Catalan Agency of Protection of Data, in Spanish)
  3. Agencia de Protección de Datos de la Comunidad de Madrid / Community of Madrid Agency for Protection of Data, APDCM
    1. Ley Orgánica 15/1999, de Protección de Datos de Carácter Personal (Law of The Protection of Data of Personal Character, Spanish PDF)
    2. Ley 8/2001, de Protección de Datos de Carácter Personal en la Comunidad de Madrid (Protection of Data of Personal Character in the Community of Madrid, in Spanish)
8. Note: Spain also governs the following Independent Cities:
  1. Ceuta
  2. Melilla / Tamelilt
9. Note: Spain also governs the following Independent Places:
  1. Islas Chafarinas
  2. Peñón de Alhucemas
  3. Peñón de Vélez de la Gomera
10. Note: Spain also governs the following Independent Provinces:
  1. Balearic Islands / Illes Balears / Islas Baleares, including:
    1. Cabrera
    2. Formentera
    3. Ibiza
    4. Majorca
    5. Minorca / Menorca
  2. Canary Islands / Comunidad Autónoma de Canarias, including:
    1. Alegranza
    2. El Hierro
    3. Fuerteventura
    4. Gran Canaria
    5. La Gomera
    6. La Graciosa
    7. La Palma
    8. Lanzarote
    9. Montaña Clara
    10. Tenerife
Sri Lanka / Ceylon / ශ්‍රී ලංකා / இலங்கை
Sudan (Despotic Regime)
1. None Found
Suriname / Dutch Guiana
Swaziland / Umbuso weSwatini
Sweden / Sverige (Member EU, OECD, Schengen, CE)
1. Svenska Datainspektionen (Swedish Data Inspection Board, in Swedish)
2. Personal Data Act (PDA)
3. Credit Act (In Swedish)
4. Debt Collection Law (In Swedish) (Yes, it is relevant here)
5. Patient Act (Swedish PDF)
6. Telecommunication Privacy (In Swedish)
Swiss Confederation / Switzerland / Schweiz / Suisse / Svizzera / Svizra / Helvetica (Member OECD, Schengen, CE)
1. Der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB) /
  Le Préposé fédéral à la protection des données et à la transparence (PFPDT) /
  L'Incaricato federale della protezione dei dati e della trasparenza (IFPDT) /
  Federal Data Protection and Information Commissioner (FDPIC)
2. Federal Act on Data Protection (DSG / LPD / FADP, translated)
3. Ordinance on the Federal Act (Translated)
4. Les Commissaires Suisses à la Protection des Données / Die Schweizerischen Datenschutzbeauftragten / The Cantonal Privacy Commissioners' Association (Privatim, or "Privately", In French and German)
5. Cantons:
  1. Beauftragte für Oeffentlichkeit und Datenschutz des Kantons Aargau / Publicity and Privacy Officer for the Canton of Aargau
  2. Datenschutzaufsicht des Kantons Appenzell Ausserrhoden / Data Protection Supervisor of the Canton Appenzell Ausserrhoden (Outer Rhoden)
  3. Datenschutzaufsicht des Kantons Appenzell Innerrhoden / Data Protection Supervisor of the Canton Appenzell Innerrhoden (Inner Rhoden)
  4. Datenschutzbeauftragte des Kantons Basel-Landschaft / Data Protection Supervisor of Canton Basel-County (in German)
  5. Datenschutzbeauftragter des Kantons Basel-Stadt / Data Protection Supervisor of the canton of Basel-City
  6. Datenschutzbeauftragter des Kantons Berne / Data Protection Supervisor of the Canton of Bern(in German or French)
  7. Autorité de surveillance du Canton de Friborg en Matière de Protection des Données / Authority of Surveillance and Master of Protection of Data of the Canton of Friborg (Free Castle) (in German or French)
  8. Commission de contrôle de l'informatique de l'Etat de Genève / Commission of Control of Information for the State of Geneva
  9. Datenschutzbeauftragter des Kantons Glarus / Data Protection Supervisor of the Canton of Glarus
  10. Datenschutzbeauftragter der Kantonalen Verwaltung des Kantons Graubünden / Data Protection Administration Supervisor of the Canton of Graubünden (Grey Grison)
  11. Jura Commission Cantonale de la Protection des Données Jura / Cantonal Commission of Protection of Data, Jura
  12. Datenschutzbeauftragter des Kantons Luzern / Data Protection Supervisor of the Canton of Lucerne (in German)
  13. Autorité de Surveillance en Matière de Protection de la Personnalité du Canton de Neuchâtel; / Authority on the Surveiliance Regrading the Matter of Protection of People in the Neuchatel Canton (In French)
  14. Datenschutzbeauftragter des Kantone Schwyz, Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz, Oldforest and Newforest (in almost-German)
  15. Datenschutzbeauftragter des Kantone Schwyz, Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz, Oldforest and Newforest (in almost-German)
  16. Datenschutzbeauftragter des Kantone Schwyz, Obwalden und Nidwalden / Supervisor of Data Protection of the Cantons of Schwyz, Oldforest and Newforest (in almost-German)
  17. Datenschutzbeauftragte des Kantons St. Gallen / Data Protection Supervisor of the Canton of St. Gallen (in German)
  18. Datenschutzbeauftragter des Kantons Schaffhausen / Data Protection Supervisor of the Canton of Schaffhausen
  19. Informations- und Datenschutzbeauftragter des Kantons Solothurn / Information and Data Protection for the Canton of Solothurn (in German)
  20. Datenschutzbeauftragter des Kantons Thurgau / Data Protection Supervisor of the Canton of Thurgau
  21. Incaricato della Protezione dei Dati del Republica e Cantone Ticino / Data Protection Officer of the Republic and Canton of Ticino (in Italian)
  22. Datenschutzbeauftragter des Kantons Uri / Data Protection Supervisor of the Canton of Uri (in German)
  23. Commission Cantonale de la Protection des Données, Valais / Cantonal Commission of Protection of Data Canton of Valais
  24. Préposé à la Protection des Données du Canton de Vaud / Clerk of Data Protection of the Canton of Vaud
  25. Datenschutzbeauftragter des Kantons Zug / Data Protection Supervisor of the Canton of Zug (yes, Train) (in German)
  26. Datenschutzbeauftragter des Kantons Zürich / Data Protection Supervisor of the Canton of Zurich (in German)
6. Municiplaties:
  1. Datenschutzaufsicht der Gemeinde Belp / Data Protection Supervisor of the Community of Belp
  2. Datenschutzaufsicht der Gemeinde Berne / Data Protection Supervisor of the Community of Bern
  3. Datenschutzbeauftragter der Einwohnergemeinde Steffisburg / Data Protection Supervisor of the Residential Community of Steffisburg
  4. Datenschutzaufsicht der Stadt Thun / Data Protection Supervisor of the City of Thun
  5. Datenschutzberater der Stadt Uster / Data Protection Preacher (policy maker) of the City of Uster
Syria / Sūriyah ((Despotic Regime),Member AOE ™)
1. None
Taiwan (Republic of China)
1. Computer-Processed Personal Data Protection Law (Translated PDF)
2. Enforcement Rules (Translated PDF)
Tajikistan / Тоҷикистон / Tojikiston
Tanzania / Jamhuri Ya Muungano Wa Tanzania (Including Tanganyika and Zanzibar)
1. Telecommunication Consumer Protection Regulations (PDF)
Thailand / ราชอาณาจักรไทย / Ratcha AnachakThai
1. Office of Official Information Commission
Tibet (under Chinese control)
Togo / République Togolaise
Tonga / Pule'anga Fakatu'i 'o Tonga
Trinidad and Tubegu
Tunisia/ Tunisie
1. Loi Organique Relative à la Protection des Données Personnelles (Personal Data Protection Law, no source found)
Turkey / Türkiye (Member OECD, CE)
Turkmenistan / Türkmenistan / Turkmenia / Туркмения (Despotic Regime)
Turks and Caicos
Tuvalu ·/ Ellice Islands
Ukraine / Ucrania / України (CE)
1. Law On Information (Translated PDF)
2. Law on Data Protection in Information Systems (Translated PDF)
3. Includes the Crimea
United Arab Emirates (Includes Abu Dhabi, Ajman, Dubai, Fujairah, Sharjah, Ras al-Khaimah and Umm al-Quwain)
1. Data Protection Law 2006 (it is called "2007", replaced the 2004 law. It was made by The Ruler)
2. Dubai International Financial Centre Authority
United Kingdom of Great Britain and Northern Ireland / Teyrnas Unedig Prydain Fawr a Gogledd Iwerddon / An Rìoghachd Aonaichte na Breatainn Mhòr agus Èirinn a Tuath / Ríocht Aontaithe na Breataine Móire agus Thuaisceart Éireann / Unitit Kinrick o Great Breetain an Northren Ireland / Ruwvaneth Unys Breten Veur hag Iwerdhon Gledh (Member OECD, EU, CE, Schengen (only partially implemented))
1. Data Protection Act
2. *Information commissioner's Office
3. Note: Co-administered territories:
  1. Anguilla
4. Note: Overseas Territories
  1. Bermuda
  2. Diego Garcia (leased to the United States Government)
  3. Gibraltar (Member EU)
    1. Gibraltar Regulatory Authority
    2. Data Protection Act (PDF)
  4. Montserrat
Uruguay / República Oriental del Uruguay
1. Se Dictan Normas para la Protección de Datos Personales a ser Utilizados en Informes Comerciales , y se Regula la Acción de "Habeas Data". Ley 17.838 (Guidelines for the Protection of Personal Data in Use in Commercial Reports, and Regulating the Use of the "Habeas Data" Law 17.838 (In Spanish)
Uzbekistan / O‘zbekiston / Ўзбекистон
Vanuatu
Vatican (Holy See) / Vaticana / Vaticano
Venezuela / República Bolivariana de Venezuela (Despotic Regime)
Viet Nam / Việt Nam
Yemen
1. None Found
Zambia
1. Telecommunications (Consumer Protection) Regulations
Zimbabwe (Despotic Regime)
1. None Found

Comments (0) Trackbacks (2) Leave a comment Trackback

No comments yet.

September 20th, 2009 at 00:01 | #1

Face It! | The Security Blog
September 20th, 2009 at 00:02 | #2

How to Create a Privacy Policy Part 4 | The Security Blog

שְׁמַע | יִשְׂרָאֵל, יְיָ | אֱלֹהֵינוּ, יְיָ | אֶחָֽד:

בָּרוּךְ שֵׁם כְּבוֹד מַלְכוּתוֹ לְעוֹלָם וָעֶד

וְאָהַבְתָּ אֵת יְיָ | אֱלֹהֶיךָ, בְּכָל-לְבָֽבְךָ, וּבְכָל-נַפְשְׁךָ, וּבְכָל-מְאֹדֶֽךָ. וְהָיוּ הַדְּבָרִים הָאֵלֶּה, אֲשֶׁר | אָֽנֹכִי מְצַוְּךָ הַיּוֹם, עַל-לְבָבֶֽךָ: וְשִׁנַּנְתָּם לְבָנֶיךָ, וְדִבַּרְתָּ בָּם בְּשִׁבְתְּךָ בְּבֵיתֶךָ, וּבְלֶכְתְּךָ בַדֶּרֶךְ וּֽבְשָׁכְבְּךָ, וּבְקוּמֶֽךָ. וּקְשַׁרְתָּם לְאוֹת | עַל-יָדֶךָ, וְהָיוּ לְטֹטָפֹת בֵּין | עֵינֶֽיךָ, וּכְתַבְתָּם | עַל מְזֻזֹת בֵּיתֶךָ וּבִשְׁעָרֶֽיךָ:

The Security Blog

International Privacy Resources || International Privacy Rules | International Privacy Laws | International Privacy Regulations

International Privacy Laws and International Security Breach Laws

Supra-national Organizations

International Privacy Laws and National Breach Laws

Services

Categories

Blogroll

שְׁמַע | יִשְׂרָאֵל, יְיָ | אֱלֹהֵינוּ, יְיָ | אֶחָֽד:

בָּרוּךְ שֵׁם כְּבוֹד מַלְכוּתוֹ לְעוֹלָם וָעֶד