The UK government has begun a public consultation on the European Union Data Protection Directive and the UK Data Protection Act (DPA).
The government is calling on businesses, public sector organisations and individual citizens to give their opinions on how the laws can be improved.
The consultation, open until 6 October 2010, is part of government efforts to ensure that the information the state holds on its citizens is proportionate and secure.
The government is seeking feedback to determine if the definitions under the directive and the current act are still relevant.
The consultation also looks at the rights of data subjects, the obligations of data controllers, international data transfers, and personal biometric information.
The powers of the Information Commissioner's Office (ICO) will also receive attention, in particular whether further powers are necessary.
Some privacy experts in the UK have suggested that despite the recent increase in the ICO's powers, they are still insufficient.
Under the current DPA, compensation for victims can be awarded only if they can prove financial loss, which is out of kilter with the EU directive, he said.
The EU directive calls for compensation for damage suffered by anyone as a consequence of a data breach, including emotional distress or loss of reputation.
The lack of any legal framework requiring private organisations to report data breaches means that most will not to protect their reputation, said Room.
The feedback from the consultation is to be used to develop the UK's negotiating position when the European Union starts discussions on a new data protection directive, which is expected in 2011.