The Act on Collection, Elaboration and Use of computerized personal data was enacted in 1983 and amended in 1995.[2232] The Act applies to any computerized filing system or data bank, both private and public. It prohibits the collection of personal and confidential data through fraudulent, illegal or unfair means. It requires that information is accurate, relevant and complete. Any individual is entitled both to inquire whether his or her personal data have been collected or processed, to obtain a copy, and to require that inaccurate, outdated, incomplete or ambiguous data, or data whose collection, processing, transmission or preservation is forbidden, be rectified, integrated, clarified, updated or canceled. The creation of a data bank requires the prior authorization of both the State Congress (the Government) and the Guarantor for the Safeguard of Confidential and Personal Data. There are additional rules for sensitive information. Infringements can be punished by means of administrative sanctions or penalties. There were a number of Regency's Decrees issued under the 1983 Act that remained in force after the 1995 revisions.[2233] The Regulation on Statistical Data Collection and Public Competence in Data Processing[2234] regulates data processing within the Public Administration.
The Act is enforced by the Guarantor for the Safeguard of Confidential and Personal Data, a judge of the Administrative Court. The Guarantor can examine any claim or petition relating to the application of the above-mentioned law and pass judgment whenever the confidentiality of personal data is violated. His judgment can be appealed to a higher court. The release of information to other countries is conditioned on the prior authorization of the Guarantor, who must verify that the country to which confidential information is being transmitted ensures the same level of protection of personal data as that established in Sammarinese legislation.
Under pressure from the Organization for Economic Co-operation and Development (OECD), San Marino has recently agreed to amend its tax laws and if necessary weaken financial privacy standards, in order to facilitate better "exchange of information in tax matters."[2235]
San Marino is a member of the Council of Europe but has not signed or ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). It has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.[2236]