Who owns your data?

[jBirch]

Came across this today while trolling the Globe and Mail website:

http://www.theglobeandmail.com/servl...tory/Business/

What's interesting is the heart of the case. An American company owns the personal information collected during the regular use of a credit card. That company is subject to American law (of particular concern for Canadians is the Patriot Act). Under NAFTA, Canada can't discriminate which nationality of companies get business and so there seems to be no way of enforcing Canadian Privacy laws on American firms who hold data collected in Canada.

The interesting question is whether Data is a seperate legal entity with its own set of laws or whether it is owned by the company that acquired it. If that's the case, how do you regulate the export of information?

James.

[RITFencing]

This may not apply to credit card data, but I know ITAR (International Trade and Arms Regulations) applies to just about everything I've worked on in Los Alamos.

http://www.epic.org/crypto/export_controls/itar.html

[jeff]

Gee, the guy is using Visa International, a US company in the first place (let alone who processes the bank's e-business), and is surprised that it's subject to US law? Sheesh. Never mind Patriot Act, have a close look at AML (Anti Money Laundering) compliance.

This cuts multiple ways: US companies doing business in EU have to comply with EU laws - I had to fill out affidavits (from NYC) that my treatment of personal data (of which I had sod all) was consistent with EU law! I don't recall any of us arranging a protest.

Welcome to globalization...