The universal declaration of human rights article12 states that: "there should be no interference with a person, family, home etc. or attacks upon their reputation" (Lloyd1998.58-60). The company has the duty of finding out the stipulated rules and regulation in the various legislative acts that address data protection. The law for example, requires the firm to get registered and get authorization from information commissioner (Carey, 1998.16-31). It is the responsibility of the company to develop policies and procedures that protect customer information using the knowledge so gained.
The company then needs to institute the office of a data controller who is the person who, either alone or with others, directs the content and use of personal data (ILO, 1997.14-67). The company, through the office of the data controller has the responsibility of ensuring that personal information collected from client is relevant and secure and its uses in an appropriate manner (Hornberger, 2001.21-49).
The company has a duty to keep updating themselves on amendments on data protection acts inorder to maintain relevant policies. It is thus their responsibility to keep in touch with the concerned regulatory bodies or any the media houses that highlight such changes or amendments.
To improve this privacy and security, the company should prohibit the use of social security numbers or social insurance numbers as