Source: Politika
Half a year after, we have passed the Law on Personal Data Protection, with several years of tardiness, and still there is not a man available to be working on personal data protection surveillance.
One of the more prominent phenomena of the contemporary world is that the data of another person are used more and more often in order to gain certain advantage or to cause damage.
The Federal Trade Committee in the USA (FTC), which has been publishing reports on customer complaints on this enormous market every year for six, seven years in succession, quotes ‘'identity theft'' as the most frequent cause of financial fraud complaints. The third of more hundred thousands of reported frauds relates to identity theft, and the financial effects of such theft are measured with the fantastic several tens of billions of dollars. This is about ravaging banking accounts, i.e. shopping and incurring debts on other peoples' accounts.
Comparative international practice on identity theft offers countless examples which support practically limitless ‘'imagination'' of thieves to obtain and use other peoples' personal data. Of course, the most robust personal data thefts are linked with the use of modern technologies and hacking into e-bases of personal data in banks, e-trade systems or public bodies. Identity is stolen, in some other ways by using sophisticated technologies, for example, contact or contactless reading of data from chips of smart or ID cards or passports. However, theft is frequently committed by using trivial methods, for example, classical theft of personal documents or mail, extracting the data from the relevant persons themselves in different ways, by searching paper archives, and even by digging in the garbage. And literally, from office bins, and discarded hard discs or computers of people that have access to personal data bases, designated for recycling, whose memories someone has forgotten to erase. Of course, in some cases the possibility of taking over another person's identity can offer itself, without the necessity to steal or dig, in the form of a present from a state or a private subject who has access to the appropriate data.
Recognizing the real danger from identity theft, most countries strive to promote personal data protection. Some measures, new incriminations, special police forces, special prosecutors, more severe penalties and penal policy, are repressive but the focus of the fight for personal data protection is not repressive, but the preventive domain. Thus, clear rules on personal data management are defined by regulations, as well as their use, storage and destruction if necessary. These regulations define who and to what extent can have access to personal data, and in certain cases it is required that there is ‘'inerasable trace''- evidence of that. And what is most important, as the accent is on real protection not only on protection on ‘'paper'', independent public bodies, whose aim is to oversee and ensure that these rules are implemented, are established. Almost everywhere, they have all necessary resources, lesser or greater, but nowhere insubstantial. An illustration of this is the information that in all former Yugoslav republics (except for Montenegro) there are laws on personal data protection, harmonized with European standards, and surveillance and protection is performed by twenty or more people, which is a confirmation of their ability and effort to follow the growing European trend of protection.
In the light of this, the unavoidable question is - How are we doing? Serbia has signed the Stabilization and Accession Agreement with EU, which, among other things, contains our obligation to harmonize our legislation with EU standards and form an independent monitoring body with all necessary powers and resources to provide implementation of these standards. We have ratified an Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed prior to this. We have a new Law on Personal Data Protection which is based, though not entirely, on EU standards. However, things are a lot worse in practice. Does not the information, that after we have passed the Law on Personal Data Protection with several years of tardiness, and that still there is not a man available to be working on tasks on personal data protection surveillance, speak, in the best case, of our antediluvian ‘'faith'' in the famous ‘'this does not exist here'' *The Commissioner for Information of Public Importance Rodoljub Sabic
