DATA SECURITY IN THE ELECTRONIC MEDIUM
4 01 2008
Technological improvements have negative sides that are difficult to follow as well as positive ones. Data that belong to individuals and corporations are put in danger through computer technology by means such as information theft, electronic attacks, hackers and information squeeze. Information taken through information theft is used for illegal operations and, besides that, its spread causes difficult situations for the information owners.
Usually, public institutions, private legal entities, non-governmental organizations (NGOs) and, besides these, self-employed professionals (such as doctors, lawyers and bankers) also collect data. Seen from a wider perspective, a large section of society constantly collects data and uses it for the issues that are important to it.
Since the beginning of the 1970s, protecting individual data has been of great importance for improving economic relations between OECD countries (2). In the 1980s, improved telecommunication devices brought a fast, borderless flow of information between countries. The national regulations of the European Council's member countries were not sufficient for this flow, which made it obligatory to prepare an international commitment in this area. In the middle of the 1990s, monopoly markets in OECD member countries started to open to competition, and this led to the telecommunication sector being rebuilt.
The suggestions prepared by the OECD in relation to the protection of security and the transfer of personal information beyond borders have, since the 1980s, included general suggestions for the use of data held by the public and private sectors. The suggestions that the OECD has prepared comprise 8 policies. In Turkish law, the main policies taken into consideration in the Law Project of the Protection of Personal Information are listed below:
• Limitation policy on collecting data: the collection and processing of personal data should have limits and comply with the law, and data should be gathered by legal means and with the individual's knowledge and his own will.
• Quality of data policy: personal data should be correct, current and related to the aim for which it is going to be used.
• The policy of specifying the aim of collection: first, the aim of collecting the information should be specified, and then the limits of its area of use.
• The policy of limiting data processing to the aim of collection: personal data cannot be used outside the aims for which it was collected and processed, except where authority comes from the person's own will or from the law.
• The policy of providing data security: necessary precautions should be taken to prevent the collected data from being used or changed by third parties.
• Transparency policy: the data subject should be informed about the aim of collecting the data, access to the data, and the implications concerning personal data.
• Individual participation policy: the person has the right to obtain information about any data concerning himself; if his request for information is refused, to be given the reasons; if his objection to the refusal is justified, to have the data corrected or erased; and, if the data is incomplete, to have it completed.
• Responsibility policy: the owner of the database is responsible for applying the policies brought by law and is responsible where the security of the collected data is not maintained.
In the 1970s, the European Council started a project to define the policies necessary to protect individuals' private lives with respect to data entered in electronic information banks. At the end of this project, in 1973 and 1974, the European Council Ministers' Committee accepted two recommendation decisions setting out the policies to be applied in the electronic information banks of both the private and public sectors. Following this, under the leadership of Germany, member countries of the Council such as Austria, France, Denmark and Norway accepted special laws on "Data Protection" (Protection des données, Datenschutz) at the end of the 1970s.
The commitment numbered 108 was a kind of framework commitment that set out general policies in 1986. Turkey also signed this commitment without any delay. In the first article of this commitment, the parties clearly guarantee that an individual's rights and freedoms cannot be violated and that the secrecy of private life may not be breached, whatever his citizenship and wherever his country. According to the fourth article of the commitment, a country that signs it is obliged to regulate this matter in its domestic law within the framework of the principles set out in the commitment. To fulfil the obligation in the fourth article of the commitment numbered 108, the "Law Project of Protection Personal Data" has been prepared. When this project becomes law, the Turkish Republic will be a party to the commitment numbered 108 that it has signed.
The European Union has also signed the commitment numbered 108. The first directive on this issue was "Functioning of the Personal Data and Protecting Individual's By Means Of Free Circulation", numbered 95/46/EC, in 1995. The aim of this directive is to organize the free and safe circulation within the Union of individuals in the member countries, whether or not they are citizens of one of those countries, and also to protect personal data. Communication and information technologies improve so quickly that the law has difficulty following them; for this reason, the directive "Functioning Personal Data and Protecting Its Privacy in the Electronic Communication Sector", numbered 2002/58/EC, was issued in 2002. Turkey is planning to legalize in the near future "The Law Project of Protecting Personal Data", which was prepared by the Ministry of Justice on 9.11.2005 in accordance with EU regulations and was handed to the Prime Ministry.
Turkish Punishment Law does not contain any specific article on protecting personal data by means of punishment. (Articles 195 and 200 relate to the freedom of communication, which covers letters, closed envelopes, telegraph and telephone communication.) For that reason, the Project of Turkish Punishment Law provides for regulations on entering information about individuals into information systems and on its processing, and for punishment sanctions if these are met with any refusal (3).
The 1982 Turkish Republic Constitution sets out, in its General Basics section, the responsibility of the social law state to protect fundamental rights and freedoms (4). Protecting people's need for security, even against attacks that come from their own state, is the primary weapon of the supporters of data security. Later parts of the 1982 Constitution state that even if a person is guilty, his right to security is still protected.
Turkish Civil Law contains the articles of our legislation on protecting individuality rights. According to the 24th Article of Turkish Civil Law, a person whose individual rights have been unlawfully attacked can seek protection against the attackers. Besides that, the number of individual assets and the ways of attacking them can change depending on time, technological developments and daily needs. For that reason, under both the previous and the new regulations, the judge has the right to define the individual asset according to current requirements. In doing so, the judge will rely on doctrine and court decisions.
The 12th article of Electronic Signature Committee numbered 5070, which was published in the Official Gazette on 23.01.2004, brought regulations on giving the required information to the electronic certificate service provider, on not passing the information to third parties without the individual's permission, and on not using the information outside its aim. These items are tied to the regulation through the guiding principles that the OECD has accepted.
According to the Law about Private Security Services numbered 5188 (7), private security personnel have the right to search individuals with detectors and to pass their belongings through X-ray, and similar kinds of security systems can also be used. Accordingly, cameras can observe the areas for which they are responsible. Private security companies can store the images recorded by security cameras by means of an intranet or an IP address via the Internet. Because of the risk that private security companies take, they are required to take out private financial liability insurance to compensate for the losses they cause to third parties. This requirement applies to the companies that have the right to work in Turkey.
In the telecommunication sector, it can be argued that under the third article of the regulation on the Functioning of the Personal Data and Protecting Its Privacy, personal information/data, if interpreted narrowly, is limited to the items mentioned in the article. The article defines personal information as information relating to an individual or corporation: identity number; physical, logical, economic, cultural or social identity; and health, genetic, ethnic, religious, family and political information. However, interpreting this concept narrowly does not realize the aim of the regulation.
In the telecommunication sector especially, privacy is fundamental. Accordingly, third parties are forbidden to listen to, record, keep, intercept or observe telecommunications. The only exception is with the permission of law or of decision mechanisms; only in this way can the communication of the parties be listened to or recorded. Another form of data use is this: if the subscriber or the user gives permission to the operator from which he takes the service, the operator can use the data, for the service and for the marketing of telecommunications, to the extent and for the time needed. The permission given can always be taken back by the subscriber or the user.

Different regulations between countries can create problems for the privacy of personal information. For instance, with Internet usage increasing day by day, people gain usage rights by registering their names with Network Information Centers located in different countries. Information such as name, address and phone number given during the registration process has to be published in the databases known as WHOIS databases, which are open to the public.
The Law of Protection of the Personal Data has been prepared to fulfil the requirement in the 4th Article of the European Council Commitment numbered 108 on the "Protection of Individuals against Applying Automatic Operation to the Personal Data". The aim of this project is to ensure that personal data are collected and processed in a legal way, updated for specific and legal aims, and kept in a suitable way for a certain period of time, and to give the person to whom the data belong the right to learn of, change and even erase them. Unlike the commitment numbered 108, this project covers individuals whose personal data are used, private law corporations and also public organizations. Personal data can be subject to automatic operations as well as the traditional filing method. Both are covered by the Project.
A person whose personal data are given to a third party without his permission can open a lawsuit under the 24th Article of the Turkish Civil Law on the ground that his personal rights have been attacked. The Law of Protection of the Personal Data contains administrative punishments, and punishment sanctions are set out in articles 193-196 of the Punishment Law Project. Entering and processing personal data without permission and in an illegal way is an offence, and a prison sentence of between 6 months and 3 years will be given, as stated in the Punishment Law Project. The punishment increases in the ratio of 1/3 if these operations are done in illegal ways. The Law Project also treats it as an offence if there are not enough security precautions for protecting the data and the data are learned by other people or broken. The project also mentions that all the kinds of offence mentioned above can be applied by personal data, and corporations are also responsible for this situation.
Meeting technological requirements alone is not enough to provide data security. A whole working, administrative and cultural understanding is needed in relation to the subject of the information and the unit that processes, keeps and checks it. In the very short term, to provide effective legal protection, the undefined items should first be defined. The owner of the data should be specified by law and, in addition, it should be clarified whether these data have monetary value. Specific standards are being developed to provide data security. For instance, the Data Security Standard (DSS) of the Payment Card Industry (PCI) was constructed in December 2004 by VISA, MasterCard, American Express, Diners Club, Discover and JCB with the aim of preventing financial loss and applying security requirements.
In conclusion, it is illegal to store information without the permission of its owner, except where the public takes priority. Even with the person's permission, data should be gathered only within the specific principles. Besides that, more care should be given to the security of information in view of the developing telecommunication sector.
1) MADDEN, Gary, The International Handbook of Telecommunications Economics, World Telecommunications Market, Volume III (Northampton: Edward Elgar Publishing) p. 226
2) http://.kgm.adalet.gov.tr/kisiselveriler.htm
3) http://www.e-ticaret.gov.tr/raporlar/hllkuk.htm
4) Constitution of the Republic of Turkey (Türkiye Cumhuriyeti Anayasası), 1982, Article 5.
5) George Orwell's novel 1984, which can be read for a picture of a totalitarian system in which the data, and even the data subject, belong to the government, is written in a way that etches into the mind the effect on society of the insecurity that the state creates toward itself.
6) İlkiz, Fikret, Kişilik Hakları ve İletişim Özgürlüğü (Personality Rights and Freedom of Communication), 16.04.2002
7) Law on Private Security Services (Özel Güvenlik Hizmetlerine Dair Kanun), No. 5188, 10.06.2004, published in the Official Gazette No. 25504 dated 26.06.2004.
8) Article 9, Regulation on the Processing of Personal Information and the Protection of Its Privacy in the Telecommunication Sector (Telekomünikasyon Sektöründe Kişisel Bilgilerin İşlenmesi ve Gizliliğinin Korunması Hakkında Yönetmelik), 06.02.2004, Official Gazette No: 25365
Source: telekomdunyasi, number: 55, page: 56


