Data Protection – getting it right
With a little help from the information commissioner
The information commissioner (IC) Richard Thomas has warned organisations not to use the Data Protection Act 1998 (DPA) as an excuse for poor practice.
Speaking following recent criticism of the DPA by the police and British Gas, the IC said he was concerned that the advantages of the DPA were being undermined by officials who did not understand its purpose, benefits and the way in which it should be applied.
The IC said: "It is ridiculous that organisations should hide behind data protection as a smokescreen for practices which no reasonable person would ever find acceptable."
The IC announced a package of measures designed to give greater clarity to businesses, including a commitment to plain English, more user-friendly guidelines and an improved telephone helpline: "Data Protection is all about fairness and common sense. If an organisation feels that data protection is leading them to do something unacceptable, then to resolve that we have set up a telephone helpline that can give them guidance."
The IC is reported to be unsatisfied with British Gas after the utilities provider claimed that the DPA prevented it from informing social services that an elderly couple's gas supply had been disconnected because they had failed to pay a bill. The elderly couple were later found dead in their south London home.
The IC also criticised claims by Humberside police that the DPA prevented officers retaining intelligence on murderer Ian Huntley that might have prevented his appointment as a school caretaker.
The IC considers that there is nothing (either in police internal policies or in data protection regulations) that would require Humberside police to delete personal information relating to Huntley from their databases. The author agrees that the Humberside Police misinterpreted the DPA.
The IC has indicated recently that he agrees with the court of appeal that (in parts) the DPA is "cumbersome and inelegant". The IC intends to take measures to clarify and simplify the interpretation of the DPA by releasing further guidance.
The IC said that "Data protection law stands in the way of a surveillance society where government and commercial bodies know everything about everybody. It helps prevent the growing problems of identity theft and the buying and selling of personal information."
But the IC considers that it is unrealistic to expect the IC to give guidance on every eventuality that can be affected by the DPA. It is clear that businesses are expected to seek their own legal advice, check the DPA and the guidelines and make their own - correct - decisions.
If your business needs help interpreting or applying the DPA then Taylor Walton offers a data protection audit service which is free of charge. Please email Tim Cook for details.
Copyright © 2003, Taylor Walton. All rights reserved.
Taylor Walton supplies a comprehensive range of commercial legal services. If you would like to discuss the content of this article or any other commercial matter, please email Tim Cook or call 01582 731161.
Sponsored: Global DDoS threat landscape report