Up to now there has not been enough attention for confidentiality and privacy in relationship to good governance. This can be explained by the focus on institutions and on quantitative method, These types of studies have been conducted on a higher theoretical level and methodological plane and has rarely, if ever influenced the debate on privacy (Bennett).
More legislation is required. Political science has long been divided over the differences between normative and empirical methods. The former concentrates on what should to be; the latter on what is. At the heart of the privacy problem lays the question of power. It is, therefore, an inherently and inescapably political problem (Bennett). Legislationis required to ensure privacy and Fair Information Practices.
Privacy is protected by international law. It is regulated by article 8 of the European Convention of Human Rights (1950) and article 17 of the International Covenant on Civil and Political Right of the United Nations(1960). This right has further developed but there is still a long way to go.The situation differs per region and per country. India is dedicating attention to this issue (Ryan et. al., 2011).
Privacy laws can be classified into general privacy laws and specific privacy laws. These specific are designed to regulate specific privacy aspects. For example: Health privacy laws, Financial privacy laws, Online privacy laws, Communication privacy laws, Information privacy laws, Privacy in one’s home, Fair information practices.
The criteria for Fair Information Practices are: Relevance, Integrity, Written Purpose, Need-to-Know Access, Correction, Consent (Yasnoff,2003).
Relevance: All information collected should be necessary and relevant or required by law. The benefits of information should outweigh privacy concerns.
Integrity: The integrity of information should be protected. Loss should be prevented, just like interception and misuse. The data should be maintained accurate, complete and misuse. Unauthorized alteration of destruction.
Written Purpose: All information collected should be consistent with written purposes and/or required by law.
Need-to-Know Access: All confidential information should be accessible only on a need-to-know basis, both internally and externally. All personal should sign a confidentiality agreements and the accesss hould be terminated when duties change. External release for research requires management approval.
Correction: Individuals should have access to information about themselves and the ability to correct this information to the extent allowed by law.
Consent: Information must be collected with the consent of the individual except as required by law.