The US-based Centre for Democracy and Technology (CDT) has published a compendium of prevailing legislation in the US, UK and Europe on "sensitive" personal information, how it is collected, stored and used.
The organisation aims to help people address the growing interest in privacy issues prompted by data breaches in the US, UK and elsewhere in the past year.
In the UK, breaches were led by the reported loss by HM Revenue and Customs of the personal and banking details of 25 million child benefit recipients in November 2007.
More recently, the Information Commissioner's Office took evidence from Phorm, a company that has developed software to track users' movements on the internet. Phorm has sold this software to BT, Virgin Media and Talk Talk so they can serve advertisements to users based on their interests as revealed by their internet searches, website visits and e-mails.
And on the eve of opening Heathrow Airport's new Terminal 5, BAA stopped using a fingerprint-scanning system to identify passengers because of fears over infringement of privacy.
The House of Lords, in two separate reports, expressed its disquiet over the status quo of privacy legislation and practice. In May it objected strongly to the proposed sharing of personal data of criminal suspects in circumstances set out under the Prum Treaty, and in August it described the internet as "the Wild West" as regards protection of personal data.
The UK government is currently negotiating with other European countries to share personal data on criminal suspects. This is despite the European Data Protection Supervisor expressing serious doubts over the adequacy of protection for such data, especially once it has been shared.
In November 2007, the US Federal Trade Commission held a "town hall meeting" to discuss behavioural targeting of internet users, and in December it published a set of recommendations for self-regulation by marketers. In May it will hold another meeting, this time to discuss targeting based on mobile phone use.
CDT's analysis divides legislation into three groups: one covers companies that collect, store and use data another covers what information may be considered "sensitive" in relation to an individual the third covers the protection of data flows between individuals and/or organisations.