The routine functions of government and private institutions require a continual supply of data about us in order to administer effectively the many services that are an integral part of modern life. The provision of health services, social security, credit, insurance, and the prevention and detection of crime assume the availability of a considerable quantity of personal data and, hence, a willingness by individuals to supply it. The ubiquity of computers and computer networks facilitates almost instant storage, retrieval, and transfer of data, a far cry from the world of manual filing systems. At the core of all data protection legislation is the proposition that data relating to an identifiable individual should not be collected in the absence of a genuine purpose or the consent of the individual concerned. Adherence to, and enforcement of, this idea (and the associated rights of access and correction) has been mixed in the nearly 100 jurisdictions that have enacted data protection legislation. This chapter assesses the extent to which these statutes have succeeded in protecting personal data.