For instance, US authorities in 2001 set up a secret program in order to fight terrorism, identifying its funding activities in particular. Financial transactions of people were traced who were suspected of having some terrorist ties. This program also involved SWIFT that is a company having an operation centre based in the US in Belgium. Its function is to transfer the financial data electronically. SWIFT allowed indirect access to its electronically maintained financial database through a system named ‘black box’, which had financial data provided by SWIFT but was operated and maintained by the US Treasury Department (Jacobs ,2007).
The scope of the data search in the black box system was limited to terrorism only, but the word’s definition was quite large. This raises concerns for insight in the search criteria and conducting audits by an independent auditor with presence of specific SWIFT employees. The main concern regarding confidentiality of data is that SWIFT did not notify any of the conditions or even existence of such collaboration with the US to its financial institution members, or to any of its data subjects or any privacy authorities. The company was found to be in breach of maintaining transparency towards data subjects as the data controller, which was the breach of Belgian data protection legislation (Jacobs 2007).