ABSTRACT
This chapter suggests that further exploration of the potential for a more systematic evaluative framework for data protection should be fruitful. In data protection, evaluations form the basis for diagnosing problems and for criticizing and improving official regulatory action, and are therefore potentially usable by regulatory officials or by data controllers, politicians and interest groups. Data protection policy not only imposes obligations upon data controllers for the responsible processing of personal data, it also confers rights upon individuals as data subjects. Evaluators of the quality of data protection require some categoncal criteria against which to measure practices of different systems or the same system over time. The promotion of privacy and good computing practice are familiar concepts within the dominant discourse of privacy experts and officials. In trying to prevent privacy abuses before they occur, the technique of the Privacy Impact Assessment (PIA) has become increasingly important in many countries.
