Chapter Two: Literature Review
Much as governments all over the world are implementing e-government the same way that they are enacting privacy and data protection laws to protect information collected about their citizens. Even though the Government of Ghana has not implemented e-government, privacy and data protection (PDP), one can see aspects of these being practised in the day to day activities of the people of Ghana (ref?). Some major organisations like the banks ensure the privacy and data protection of their customers. Government departments communicate with each other through the use of email. However one can still see major transactions like health care delivery, renewing driver's license and filling tax forms being done manually. The move by the Government of Ghana to implement e-government will have serious implications and concern on the privacy of the citizens.perhaps decide at this early stage whether its 'privacy' or 'privacy and data protection' - so far you use both. This is due to the fact that e-government involves using Information, Communication and Technologies (ICT) to provide services to the people; and in so doing governments collect and use a wide range of personal information about their citizens. This poses a wide range of privacy concerns (Anderson, 2003). Again, at this early stage... decide if page numbers are being included and if so then - do it now.
You provide and effective introduction to the topic in the para above, but I just wonder whether you could now, in a second brief paragraph, 'introduce' or explain to the reader how your Lit rev is structured to address the key issues - say what they are and how they will be addressed . It would provide an effectlive link to the next and subsequent papragraphs/sections.
Chaffey (2004) defines e-government as 'the use of internet technologies to provide government services to citizens'. It is also a way that Governments liaise with their various departments through the use of ICT. Also through e-government governments are able to provide better, effective and efficient services to their citizens. E-government plays a major role in democratic process of governments, especially for developing countries like Ghana.
According to Heeks (2001), [through e-government, governments efficiently and effectively produce] wording:
- the same outputs at lower total cost;
- more outputs at the same total cost; and
- same outputs at the same total cost in less time.
Thus one can say that e-government is a key and necessary factor for governments in providing better, efficient and effective services to their citizens. The achievement of e-government is through the medium of Information and Communication Technology (ICT). In other words ICT is a major factor in the implementation of e-government with an range of associated , privacy and data protection issues.
Heeks (2001) brings out the importance of ICT in e-government by stating that "e-governance is the ICT-enabled route to achieving good governance. It integrates both the processing and the communication technologies; and it integrates people, processes, information, and technology in the service of achieving governance objectives". ICT has changed the way personal data are collected, processed, stored and even communicated. Ironically, apart from financial constraints ICT is one major reason that is hindering the smooth implementation of e-government, privacy and data protection in Ghana (ref?). The country lacks the necessary infrastructures in terms of information, communication and technology.
Since e-government involves "collecting, retaining, and managing personal data" no government can effectively implement it without considering the issue of privacy and data protection. Privacy and data protection has been a matter of concern to all and sundry recently. Many societies throughout the world are currently designing or implementing national schemes for privacy and data protection (Howley et al, 2002 - I think I was citing the PI survey). Ghana, as a developing country, has not as yet implemented any privacy and data protection laws. However, its 1992 constitution makes provision for the fundamental human rights and freedoms of the individuals. Although, not specifically mentioned, privacy and data protection of persons (irrespective of colour, gender, religion, creed, race and place of origin) living in Ghana could be taken to be among the fundamental human rights and freedoms. Actually the constitution of Ghana makes provision for 'privacy of home, property, correspondence or communication' (The Constitution of the Republic of Ghana, 1992). However, there is no law in the country to regulate the back privacy of personal sensitive data.
E-government in Developed and Developing Countries
'Lack of access to the Internet and other technologies, low literacy levels, and often lack of interest or willingness to use the new technologies,' (REF) are among the main differences between developed countries and less developed countries when it comes implementation of e-government.
In the developed countries, the quest for governments to improve the services they offer to their citizens has led to the implementation of e-government being a major issue on governments programme. Beynon-Davies (2004) points out that 'the political environment of Western [developed] countries has been much subject to the influence of ICT in the areas of electronic government (e-government) and electronic democracy (e-democracy) in recent times'. Developing countries in order not to be left behind and also in an effort to bridge the digital divide are adopting ICT and e-government policies.
The implementation of e-government in the developed countries has been possible due to the fact that the infrastructure in terms of internet and other technologies are already in place. Moreover, the citizens show interest and are more than willing to use the online services. The same cannot be said about developing countries in that infrastructure are inadequate; and access to internet is limited. Also low level of computer literacy infers that only a few will be able to use the electronic services.
E-government, Privacy and Data Protection in Ghana
Knowing how important e-government is to the economic growth and the democratic governance in the country, the Government of Ghana has already taken steps to initiate [some form of the process] a bit vague. The government has a website in place to disseminate information to the citizenry. Interestingly this website is accessible to a minority few who are privilege to have access to the internet. Out of a population of 22,931,299 only 609,800 are internet users (World Factbook, 2008). This low figure of internet users is worrying since that means when e-government finally implemented it is going to benefit the privilege few who have access to internet. But surely the data of those without internet access will still be better protected if their data is regulated and protected by the increasing amount of e-gov overall. Hopefully the gov will apply good/better data handling procedures not just to e-gov data (internet generated) but to all data.
It must be stated that online or electronic services where the general public can apply for passport, driving licence of file tax returns areis non existent. According to the Ghana Ministry of Communications, 'an e-Government Strategy Task Group has been mandated to develop a roadmap and a blue print for e-Government'. This group has been tasked to come out with a comprehensive report on the strategy which will be submitted to cabinet (Ministry of Communications, 2008).
When the Government of Ghana finally implements e-government it (the gov?) will raise privacy concerns. These concerns will be as a result of Government collecting, processing and storing of data. Thus there should be some form of privacy and data protection legislation to safe guard the data and allay the fears and concerns of the general public.
Privacy and Data Protection
Privacy and data protection are two different issues, but are interrelated. They are different in the sense that according to Szewczak (2001) and Cate (1997), privacy is 'the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others'. Data protection on the other hand refers 'to the law relating to the use of personally identifiable data' (Hook, 1989). The importance of privacy cannot be under-rated. It has been one of the most explosive issues to emerge in this ICT information communication and technology age (Spinello, 1995).
Researchers and writers on privacy issues agree that privacy is difficult to define and that there is no one definition for the term (Clarke, 1999; Tavani, 2004). [As a matter of fact, it has been particularly difficult to define it[ ? I think this sentence can be removed. However some authorities on privacy have [come out]? with various definitions and descriptions. Clarke (1999) defines privacy as 'the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations'. Ratson et al (2000) describe privacy 'as the desire for individual control over oneself and how that information is used'. Westin (1970) defines privacy as 'the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others'. Chaffey et al (2003) also refer to privacy as 'a moral right of individuals to avoid intrusion into their personal affairs by third parties'. These are just a few of the many definitions for privacy. Do you wish to do a little more with these contributions?
Perhaps, various countries' different legislations and possibly different cultures are factors to the many and different definitions of privacy. For instance, the meaning of privacy to the Ghanaian people is non-intrusion, into someone's private life. Even the provision in the 1992 Cconstitution of Republic of Ghana [makes towards the provision is] ?wording "privacy of home, property, correspondence or communication". Thus, the way privacy is understood in Ghana can be put more clearly in the words of Tavani (2004): 'freedom from interference into one's personal affairs'.
The information, communication and technology ICT age is also a factor to the many and different meanings and definitions to privacy. ICT has changed the way personal data for instance are collected, processed and stored. This has made privacy to be understood and defined in countries (for instance US and the EU member states) as "access to and control of personal information' (Tavani, 2004). Thus whiles privacy is understood to mean non-intrusion into individuals' social and personal life in Ghana; in the US and other EU countries, it 'involves access to and control of personal information'. These clearly show that the definition of privacy depends on the circumstances and context from which it is taken. That is whether one is talking, among other things, about: personal privacy, communication privacy and data privacy.
Data protection is defined as 'essentially that area of the law that governs what may, and what may not, be done with personal information' (Privacy and Data Protection Limited, 2002). Macaulay and Watts (2002) explain that 'Data Protection is about looking after people's privacy by making them aware of how information about them is obtained, how it is used and so that it is processed in way that is fair to them'. It seeks to legally protect the privacy rights of individuals. In other words it is the law that safe guards an individual personal information/data from being misuse. Thus one can arguable say, data protection (Act) protects the privacy of individuals or people.
It is obvious that 'privacy and data protection overlap, with each having a wider scope' (Cate, 1997). This research thus recognises the close interrelationship between these two issues and as such deals with privacy and data protection together, while still recognising the possible dissimilarity between them. OK!
Privacy and Data Protection Legislation in Ghana
The fact that the United Nations came out in December 1990 with Resolution 45/95 entitled 'Guidelines for the Regulation of Computerized Personal Data Files', gives credence to believe that the issue of privacy and data protection is very important. This resolution among other things urges member countries to 'develop regulations that require fairness, accuracy and transparency of data files' (Ratson, 2000). This was supported/strengthend by the Montreux declaration - http://www.hunton.com/files/tbl_s10News%5CFileUpload44%5C12231%5Cmontreux_declaration-kuner.pdf
Under chapter 5 of the 1992 constitution is it upper or lower case "C"? of the Republic of Ghana, among the fundamental human rights and freedoms, is protection of privacy of home and other property. The fact that provision has been made for privacy in the constitution makes it an important issue. However, this provision has nothing to do with access, collection, processing and storing of personal data/information.
There is a clear evidence of concern globally over the protection of personal data. The speedate at which governments are enacting or amending privacy legislations attest to this fact. The primary aim of countries developing or enacting privacy and data protection laws is to safeguard the privacy and personal data of their citizens. One can also say that it is to promote economic growth, security and to meet international standards. For instance, without the passing of the Safe Harbour in the US (ref), it would not have been possible to transfer airline passenger data from the EU member countries to the US authorities (aruably it still isn't legal! Data gathered for airline catering should not be used for other purposes, ie. ethnic screening and profiling); and also it would not have been possible for organisations in the same EU member states to transfer personal data of individuals to the US for whatever purpose. This is due to the fact that, organisations in EU countries can only transfer data to another country which has 'adequate' privacy legislation in place.
Privacy and data protection issues actually go beyond legislations or enactment of laws by governments. A look at some of these laws shows that they differ from country to country. Different countries have different number of principles listed in their various data protection laws. Whereas UK DPA 1998 has eight principles, US Safe Harbour has seven and Canada's privacy legislation also has ten principles. Also some countries seem to [have wording?] their legislations more strict than others. For instance, whereas organisations in EU countries can only transfer data to another country which has 'adequate' privacy legislation in place, it is rather the opposite in the US - I think this is worthy of explanation.
The US Department of Commerce developed the came out with Safe Harbour agreement mainly to to satisfy the requirements of the EU Data Protection Directive of 1995 "that prevents transfers to countries without adequate data protection laws". Safe Harbour allows free flow or transfer of personal data between the US and the European countries, thus promoting economic growth. For instance, the transfer to the US authorities of personal information of passengers travelling to the country has been possible through the passing of the Safe Harbour. Suggest use the US spelling of "harbors" see - http://www.export.gov/safeharbor/
IS Staff Involvement in the Implementation of E-government and PDP
As mentioned earlier, on e-government involves collecting, processing and storing of data of citizens by governments. Beynon-Davies emphasises the use of information systems (IS) in e-government by stating that 'ICT and information systems are being used to re-engineer aspects of governmental processes and the relation between government and the citizen'. IS essentially involves the taking in of data and processing it to produce information (Whiteley, 2004). In other words, it involves 'the gathering, processing, distribution, and use of information' (Beynon-Davies, 2002). This means that in offering electronic services to the public by the process of e-government, the citizens data need to be collected, processed and stored, and this cannot be done without the involvement of IS staff. IS staff, in the position they find themselves, are involved with gathering and processing of [people's] data. Thus, IS staff by the nature of their work have a role and contribution to make towards the implementation of e-government. Research findings have shown that they are already contributing to the provision of privacy and data protection (Howley et al, 2004, Howley, 2007).
The privacy legislations or DP Acts need professionals like IS staff to contribute to them in their various organisations. Howley et al (2004) states that 'the importance of PDP is increasing to unprecedented levels and as a consequence understanding the developing role of IS staff is critical in supporting citizens in the information society'. In a related research, Howley et al (2002) found the following among other findings that:
- 95% reported that PDP is a legitimate activity for IS staff;
- 81% felt PDP is an increasing concern for IS professionals: and
- 'IT/MIS/Systems' managers are the most important staff in bringing about PDP without systems.
Howley et al (2002) report in another research that:
'Ninety-five percent of respondents regard involvement in PDP as a legitimate activity for IS staff and 85% believe that it is an increasingly important part of their work. The acceptance of PDP as a legitimate part of their work is further evidenced by the nature of the involvement reported. Staff report considerable involvement in the area of PDP management and strategy. In more than 54% of organizations represented in the sample IS staff were 'prominent in formulating and implementing PDP polices'. In 30% of organizations IS staff are 'primarily responsible for PDP within [their] organizations'. This involvement evidences a considerable acceptance by IS professionals of their role in the provision for PDP'.
Literature has helped in identifying the following among others as the areas that IS staff are already contributing to the provision of PDP:
- Training and education
- Codes of conducts, practice and ethics
- Privacy and data protection officer
- Developing a country's PDP Act
- Business management
- Project management
- Testing and implementation
- Anonymising data strategies
- Minimalist data visibility strategies
- Practice of systems analysis and design
Training and education
One contribution that the IS staff make to PDP is they undergo "training about the security aspects of their job function, especially with regard to data and security system" (Hook, 1989). The training normally takes the form of organising seminars and workshops where they 'have adequate instruction about the Data Protection Principles and the organisation's policies of handling data' (Hook, 1989).
Codes of conducts, practice and ethics
IS staff in their contribution to PDP are professionally guided by the codes of conducts, practices and ethics of their profession. This creates an environment for them to be fully aware of the value of privacy and data protection and also their responsibilities.
Privacy and data protection officer
The effective training and education put the IS staff in good stead to become privacy and/or data protection officer. In this capacity, IS staff are seen to deal effectively with information request; encourage privacy compliance by the organisation; and most importantly liaise with the Information Commissioner.
Developing an Organisation Policy and Country's PDP Act
Auditing is one security countermeasure that the IS staff contribute to PDP. This makes it possible for them to always know who has done what and at what time on their organisations' computer systems. The IS staff implement audit trails and transaction logs. This among other things prevent or detect unauthorised amendments to data files; and also ensure that access to files of data and to output is physically restricted (Hook, 1989).
Business and Project Management
One significant feature of business and project management is security. IS staff contribute to PDP in the business and project management of an organisation, especially the security aspect, by installing firewall and controlling access to individuals' personal data. Not only that, authentication, virus protection, and encryption are among the security measures that they contribute to the project. Actually, principle 7 of the UK DPA 1998 brings to the fore what is expected of IT/IS staff in terms of protection and security of personal data. It specifically entreats them to take 'appropriate technical and organisation measures....against accidental loss or destruction or damage to personal data'. This principle clearly puts responsibility of securing personal data on IS staff in various organisations.
Testing and Implementation
In testing and implementation, the major contribution that IS staff make is, they ensure that live data is not used. Even if such data is used, care is taken to change the identifiers so that it would not be traced to any living individual or data subject.
Anonymising, Minimalist and Visibility data strategies
The contributions of IS staff to PDP under the above are: making data unidentifiable if it does not need to be so; not storing or processing any data that is not really needed; and only showing data on the screen or producing report that is really essential.
Practice of systems analysis and design
It is interesting to note of all the contributions that IS staff have been making to the provision of PDP, systems analysis and design has been identified by researchers to be the most important.
In recent researches published by Macaulay and Watts (2002) and Keeling (2001), they published a document which seeks to 'communicate guidance on Data Protection to system designers' and for that matter IS staff. Their researches are in way responses to the UK Government, and for that matter the Information Commissioner, advocacy for 'the concept of the 'ethical engineer' designing PDP into systems' (France, 2000; cited by Howley et al, 2004). Hook (1989) also considers 'how aspects of data protection should influence system design'. He has actually in his book looked at the implication of data protection for systems design. These works, together with Howley et al (2002, 2004) give credence to the fact that IS professionals, which include systems designers, have a role and contributions to make towards PDP.
In Macaulay and Watts (2002) and Keeling's (2001) researches mentioned above, which is on the topic "Best Practice Guidance on Data Protection for System Designer", they came out with draft document for public consultation. In the document, they made it easier for IS staff to remember the eight principles of the UK Data Protection Act 1998 by using a mnemonic, FARSTARS to represent the principles. FARSTARS stands for Fair, Adequate, Rights, Specific, Transfer, Accuracy, Retention and Security. The guidelines which incorporate the eight principles of the DPA 1998 are based on the following four ideas:
- Contract and requirement.
- Design and build.
- Testing and evaluation.
- Release use and continuous monitoring.
Howley and Rogerson (2002) and Howley et al (2002) identify systems design as one important area in the provision of PDP. Hooke (1989) also singles out this area of information systems and gives the following guidelines for IS staff to follow in their contribution to the provision of PDP:
- Adher to any relevant Codes of Practice.
- Ensure that action regarding data protection is fully documented.
- Consider the means of collecting personal data and all the sources from which it will be obtained.
- Consider to whom personal data will be disclosed.
- Consider carefully the justification and the putpose for which each item of data and document is to be held.
- Ensure that crucial data is properly validated. Check format, range, domain, present and absent fields.
- Consider the frequency and method of updating. In on-line systems with on-line updating, the process amendments immediately. In batch updating systems, ensure that the date of last amendment is recorded and displayed.
- Consider the retention periods of personal data and ensure that out-of-date items are purged.
- Ensure that subject access requirements can be met.
- Consider the test procedures and the adequacy of test data. Ensure that live data and test data are properly segregated and not misused.
- Consider the documentation of the system having regard to data proctection requirements.
- Consider the adequacy of end-user clerical procedures and ensure that proper authentication, authorisation and division of duties exist for all transactions and data.
A critical look at Hook's guidelines shows that they are not different from what Macaulay and Watts (2002) give as guidelines on data protection for systems designers. They also encompass FARSTARS. It is significant to note however that because there is no privacy legislation in the country, Ghanaian IS staff, unlike their counterparts in the UK, are not under any strict obligation to design systems and make them privacy and data protection compliant.
The guidelines developed by Keeling (2001) and Macaulay and Watts (2002) are based on eight systems development principles. They make us aware that these eight principles are related but not the same as Data Protection principles. Among other things this research is supposed to fill a gap to establish how can e-government implement general constitutional requirements for privacy in countries without a history of data protection legislation (such as Ghana).
In the findings the researchers state that, 'IS staff support [contribute to] PDP through their professional practice'. Since e-government cannot function without the provision for privacy and data protection legislation, it can be concluded that IS staff in contributing to PDP also support the process of e-government.
PDP in the Absence of Legislation in Ghana
There is already some form of collecting, processing and storing of data by Government departments, organisations like the banks, telecommunication companies and hospitals among others in Ghana. Since there has not been any know major breach of privacy then it can be concluded that the IS staff who handle the data are ensuring their protection even in the absence of PDP legislation. May not be the case
Perhaps the reason why there is no privacy legislation in Ghana is that, there is low privacy risk. There are no credit cards to be stolen; hospital patients' records are not computerised; and most data are processed and stored manually. It can also be said that, the consciousness of PDP by Ghanaian people is very low. The awareness is not there, thus the public is not very much concerned about data collected on them, the purpose or use. It is interesting to note that, people are more than willing and happy to keep their names and contact details in the public telephone directory. All people? More in Ghana than other countries? Etc?
People in Ghana do not really bother themselves with privacy issues until it happens that someone or an organisation has intruded into their personal life or private matters - evidence?. It is interesting to note that most publically aired of these violations of privacy cases are about the media publishing stories about public figures. Depending on the circumstances, a data subject, may to some extend, show concern about their examination results, bank accounts balance, salary and medical records being made public.
It is also most probably that the reason why Ghana has not enacted any privacy legislation is that, privacy has not been an important issue and also the awareness and consciousness, as mentioned earlier on, are not there. It could also be that the country has not advanced in ICT so much so that privacy would be an important issue for government to enact legislation on. Another possible reason could also be that the Government is not concern because the processing and storing of people personal data is more of manual than computerised, so the threat of someone hacking into an organisation's system from a remote site is non-existent or minimal.
The privacy principles of countries which have data protection laws enjoin organisations which collect, process or store people's personal data to among other things, to make available privacy policies, either on their web site or manually. In such privacy policies, the organisations are supposed to spell out that they adhere to privacy principles by stating among other things:
- What personal information they seek from data subjects;
- Purpose for which the data is being collected;
- Whether any third party will have will access to the data;
- Data subjects' rights to access and update any personal data held about them;
- Assurance that individuals personal data collected will be protected;
The UK Freedom of Information Act 2000 (ref) gives individuals the right to demand that their personal information (no it doesn't! Indeed, personal information is explicitly excluded from the FOI Act. FOI is more about corporate level data) be made available to them from some public bodies or organisations, and the DPA 1998 also guarantees data subjects access rights to personal data held about them. Although there are no such Acts as the Freedom of Information Act 2000 and the DPA 1998 in Ghana, but customers on request have access to their bank statements; students too have access to their transcripts; and patients can have access to their medical records anytime.
Breaches of PDP
As mentioned earlier on, Ghana is already involved with the processing of people's personal data. There is even a trans-border flow of data transferred from the USA. The Ghana office of the United States firm ACS-BPS provides remote data entry of medical records for insurance company Aetna (Turner et al, 2004). ACS sells data processing services to insurance companies in the US. USA and US in same para .. which is it - CONSISTENCY IS IMPORTANT?
Even in the industrialised countries where there are well-laid down PDP legislations, there have been some breaches of privacy. Some organisations in an attempt to cut down labour cost end up breaching the privacy legislations in their countries. For instance, Ghana does not have any privacy legislation or data protection act, but as mentioned before a US company, ACS-BPS, transfers its customers' personal data to a call centre in Accra for processing.
Some organisations have been breaching EU data protection laws by transferring customer data to outsourcing companies in India. Actually, the European Data Protection Directive states that: 'the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place if ..........the third country in question ensures adequate level of protection'. According to Privacy and Data Protection Journal issue of 2004, India do not 'have adequate data protection laws' and that it will have one ready for approval very soon by the EU. There are other legal ways round the adequacy requirements which is how UK firms manage their off-shoring
Brooks (2004) wrote about a customer of Lloyds TSB who has objected to the fact that his personal data is transferred to India for processing. According to Brooks, the customer claims that the bank outsourcing its operations to India is a breach of the UK DPA 1998 and also EU data export laws. Interestingly, the bank has rejected the claims by maintaining that 'it has complied with the Act by putting in place appropriate measures to protect customer data'. OK this is what I was referring to above and is interesting to note it was paid for by the banking staff union.
Perhaps it is the EU Directive that prohibits trans-border flows of personal data which has prompted India to be working on its privacy legislation for approval. Most EU countries and the US have been outsourcing in India which is a boost to the Indian economy.
Even governments which enact privacy and data protection laws can end up breaching them. For instance, the identity (ID) card legislation, which was passed by the UK House of Commons on December 20 2004, was criticized by the Information Commissioner before then, as a breach of the principles of the Data Protection Act 1998. 'The cards are intended to store basic personal information (such as name age, nationality, whether a person has right to work and a unique identifier), a digital photo, and a 'biometric' which could include facial recognition, iris scans or figure prints'. People are of the opinion that there is no reason why their personal data should be stored on an ID card. 'The Information Commissioner at the time,, Elizabeth France, said the plans for identity cards could violate data protection laws.' (Privacy International, 2003).
Since e-government involves collection, processing and storage of data, there must a provision of PDP legislation to safe guard the citizens' data. Analyses of previous studies (for example, Howley and Rogerson, 2002; Howley et al 2002, 2004; Macaulay and Watts, 2002) bring to the fore the important role IS staff make towards the provision of PDP.
E-government is the use of ICT and IS by Governments to offer electronic services to their citizens. E-government cannot be implemented without the provision for PDP. As identified by Howley et al (2002, 2004) IS staff are playing an important role to the provision of PDP. Thus it can be concluded that apart from Government officials and the civil servants, IS staff have also have a contribution to towards e-government processes. These contributions of IS staff are very important since in this ICT Information, Communication and Technology age, any e-government implementation without PDP consideration can be very risky and costly.
Whilst there have been a number of researches on e-government, privacy and data protection, the research question: "how can e-government implement general constitutional requirements for privacy in countries without a history of data protection legislation (such as Ghana).
Has not been addressed in any way. This research thus sought to fill the knowledge gap created.
Further research has been identified to find out:
- the impact of PDP legislation on e-government implementation in developing countries like Ghana; and
- the effect of the increasing use of ICT and IS on e-government and PDP.
References and Bibliography
- Anderson, P. (2003) Privacy and E-Government: Privacy Impact Assessments and Privacy Commissioners - Two Mechanisms for Protecting Privacy to Promote Citizen Trust Online. [WWW] Available from: http://www.internetpolicy.net/practices/030501pia.pdf [Accessed 23/01/08]
- Beynon-Davis, P. (2004) E-business. Palgrave Macmillan, New York
- Beynon - Davies, P. (2002) Information Systems, an Introduction to Informatics in Organisations, Palgrave Macmillan, New York
- Biondi, C. (2002) What's the 'Big Deal' with Data Protection? Privacy and Data Protection Journal, 2(8), pp 3-6
- Blaxter, L., Hughes. C. & Tight M. (2001), How to Research, (2nd ed.), McGraw-Hill Education.
- Brooks, G. (2004). The challenge to Lloyd's in Indian outsourcing. Privacy and Data Protection, 5 (1), pp.10 -11
- Brownsdon, E. and Boardman, R. (2002) data Processors - Model Contracts for Third Country Transfers. Privacy and Data Protection Journal, 2(4), pp 10 - 11.
- Cate F.H. (1997), Privacy in the Information Age. Washington, D.C., Brookings Institution Press
- Caloyannides, M.A (2001) Computer Forensics and Privacy. Artech House Boston.
- Chaffey, D et al (2003) Internet Marketing, Strategy, Implementation and Practice, (2nd Ed) Prentice Hall, London.
- Clarke, R. (1999) Introduction to Dataveillance and Information Privacy, and Definitions of Terms url: http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html [Accessed 22/06/04]
- Cohen, R. B. Protection and Security on the Information Superhighway, John Wiley
- Denzin, N.K. & Lincoln, Y.S. (1994), Handbook of Qualitative Research, Thousand Oaks, CA; Sage.
- Ebusiness Forum (2004) Africa: E-business opportunities url:http://www.ebusinessforum.com/index.asp?layout=rich_story&channelid=4&categoryid=31&doc_id=1873 [accessed 21/09/04]
- France, E (2000) Collaboration Key to Data Law Computing Feb 2000
- Heeks, R. (2001) Building e-governance for development: a framework for national and donor action. IGovernment working paper series: no 12, University of Manchester Institute for Development, Policy and Management
- Hook C, (1989), Data Protection Implications for Systems Design. NCC Publications
- Howley R. and Rogerson S. (2002) IS staff and the provision for privacy and data protection. Available from: http://www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv12no6.html [Accessed 1st June 2004].
- Howley, R. et al (2002) The role of information systems personnel in the provision for privacy and data protection in organisations and within information systems. Available from: http://www.ccsr.cse.dmu.ac.uk/conferences/ethicomp/ethicomp2002/abstracts/70.html [Accessed 1st June 2004].
- Howley et al (2004). The role of information systems staff in the provision for data protection on privacy. A subjective approach CCSR, DMU.
- Keeling, D (2001) FARSTARS An Evaluation of the Concept - Final Report [WWW] Available from http://www.hispec.org.uk/public_documents/8_1FARSTARSFinalEvaluationReport.pdf [Accessed 30/11/04]
- King, N (2004) Using Interviews in Qualitative Research, In: Cassell, C. and Symon, G. (2004). Essential Guide to Qualitative Methods in Organisational Research Sage.
- Kvale, S. (1996) Interviews: an Introduction to qualitative research interviewing Sage London.
- Lacey, A. and Luff, D. (2001). Trent Focus for Research and Development in Primary Health Care: An Introduction to Qualitative Analysis, Trent Focus. Available from: http://www.trentfocus.org.uk/Resources/Qualitative%20Data%20Analysis.pdf [Accessed on 21/09/04]
- Lyon, D. (2001) Surveillance Society: Monitoring Everybody life Open University Press.
- Macaulay, L. and Watts, L. (2002) Best Practice Guidance on Data Protection for Systems Design (Version May 2002: Draft for Public Consultation) [WWW] Available from http://www.co.umist.ac.uk/research/tech_reports/trs_2002_002_lam.pdf [Accessed 26/6/04]
- Marshall, C. & Rossman, G.B. (1999), Designing Qualitative Research (3rd ed.). Thousand Oaks, Ca: Sage
- McNamara, C. (2004) Analyzing, Interpreting and Reporting Basic Research Results. Available from: http://www.mapup.org/library/research/analyze.htm. [Accessed on 9/08/04]
- Miles, M.B and Huberman, A.M (1994). Qualitative Data Analysis: An expanded Source book London. SAGE Publications.
- Ministry of Communications, Ghana (2008). Available from: http://www.moc.gov.gh/modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat=1#7 [Accessed on 1/04/08].
- Moore, N. (2000). How to do Research: The Complete Guide to Designing and Managing Research Projects (3rd ed), Library Association Publishing
- Patton, M.Q. (1990). Qualitative Research and Evaluation Methods, (2nd ed.), Newbury Park, CA: Sage
- Pollio, R.P. & Humphreys W.L. (December 1996), What Award-Winning Lecturers Say about Teaching. Available from: http://www.qeced.net/ed/issues/Lecture.htm [Accessed on 17/0704]
- Privacy and Data Protection Journal (2004) off shore outsourcing set to be attacked by Unions. 4(8), p1
- Privacy and Data Protection Limited (2002) Privacy and Data Protection Limited url: http://privacydataprotection.co.uk/guide/part1/ [Accessed 25/06/04]
- Privacy Internatio0nal (2003) Privacy and Human Rights 2003: Threats to Privacy Available at http://www.privacyinternational.org/survey/phr2003/countries/unitedkingdom.htm#ftnref2796 [Accessed 12/08/04]
- Ralston, A et al (2000). The Encyclopaedia of Computer Science (4th Ed), Mature Publishing Group, London.
- Saunders, M et al (2003) Research Methods for Business Students (3rd ed) Prentice Hall England
- Silverman, D. (2000), Doing Qualitative Research, London: Sage
- Spinello, R.A. (1995), Ethical Aspects of Information Technology Prentice-Hall New Jersey.
- Strauss, A.L. & Corbin, J. (1998), Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory, Newbury Park, CA: Sage.
- Szewczak E.J. (2001) Personal Information Privacy and Internet Technology, Managing Information Technology in a Global Economy. Idea Group Publishing
- Tavani, H. T. (2004) Ethics and Technology: Ethical Issues in an Age of Information and Communication Technology Wiley.
- Turner, M.A. et al (2004) Privacy Rights and Policy Wrongs: How Data Restrictions can Impair Information-Led Development in Emerging Markets url: http://infopolicy.org/pdf/ild.pdf [Accessed on 23/06/04]
- U.S Department of Commerce Safe Harbour Overview url: http://www.export.gov/safeharbor/sh_overview.html [accessed on 23/06/04]
- Westin, A. F. (1970) Privacy and freedom Bodley Head, London
- Whiteley, D. (2004) Introduction to Information Systems. Organisations, applications, technology and design Palgrave Macmillan.
- World Factsbook (2008) Available from https://www.cia.gov/library/publications/the-world-factbook/print/gh.html [Accessed on 7/04/08]