Meeting privacy obligations: the implications for information systems development

The European Union(EU) Data Protection (Privacy) Directive of 1995 (EUPD) and resulting legislation introduced by member states is designed to ensure that business activity is subject to privacy regulation. The ability of organisations to respond to the requirements of this legislation is affected by the quality of their customer data. This paper explores the issues for IS development created by poor customer data quality as organisations adjust their business practices to meet the new legislative provisions. A number of key issues emerge including managing large amounts of fragmented customer data, understanding what information is required for organisational activities, controlling use and disclosure across the organisation, and allowing anonymity when interacting with customers. Furthermore, several important implications for systems development practitioners are discussed.