Vast amounts, petabytes of data are kept. Retailers like Marks & Spencer’s, Tesco, Morrison’s keep huge customer databases, recording every customer's purchase. In fact anyone with a loyalty card, credit card, membership card or discount card will be the subject of a database record somewhere.
Search engines and online stores such as Google and Amazon record every site, page or item looked at, all with the aim of providing you with better results or with information you like.
Even individuals keep large amounts of data. Companies like Microsoft, Google, Drop Box etc provide individuals with Cloud storage services. These are popular, because despite the risk, users can access their data from any internet connect device from anywhere in the world
Here we have a problem. Although the user or the data subject might be in one country, the data is probably stored in another.
And if your data is stored in another country, then which laws apply that give you some legal protection against data loss, theft, misuse etc?
Data depending on where its stored in the world is subject to different levels of legal protection. Some of this is due to different definitions of what the word 'data' means. Others because different laws apply or give a different priority to the privacy of individuals.
In the UK, the data belonging to individuals and companies are given considerable protection through the Data Protection Act 1988, but this only applies to data stored in the UK. Europe provides good protection, but again only protects those people within the EC and data stored in the EC.
Data is less well protected in America, partly because of all the different states have their own take on data and the degree to which it should be protected.
Data protection Act 1988 Revisited
The DPA 1988 is the main legal framework in the UK for managing personal information. It is overseen by the Information Commissioner’s Office (ICO). The ICO maintains a register of all organisations that use personal data and any organisation or individual that intends to use personal data must register with the ICO first. It's the ICO that takes action against those that breach the act and complaints about breaches of the act must be made with them.
Definitions: A Reminder
As always in law, definitions are important.