Should legislation focus just on spyware, on undesireable practices (with spyware being just one example), or should legislation focus on protecting privacy and security of personal information?

Spyware is an explicit program that is written with the intention of collecting and using personal info, illegally. Of course its one other way to invade privacy. From the text, literature and real world experience, we know how vast is the world of privacy invasion and techniques that leads to it.

Unless we have clear definitions of these practices and methods to predict them, its nice to deal with them separately. The advantage is more clarity while defining the cause of issues, analysing them and applying legal procedures.

A good example of this move is HIPAA. Why have we implemented this Act separately? Why didn’t we just have a single law to enforce privacy? The idea is simple – clear definition of issues, problems, solutions, protections mechanisms and legal procedures.