Data Protection - 'Horrifying' But It Doesn't Have To be...
The UK’s Information Commissioner, Richard Thomas, gave a damning assessment of data protection compliance in the UK at the launch of the Information Commissioner’s Office’s annual report. Mr Thomas described the number of breaches as "horrifying", and his use of such emotive, headline-grabbing words demonstrates the seriousness of non-compliance.
As an additional penalty, Mr Thomas has named and shamed some of the worst offenders, many of which are banks or internet-based firms.
He went on to say “Privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers.”
Almost 24,000 enquiries and complaints concerning personal information were made to the ICO last year, resulting in the prosecution of 16 individuals and organisations.
Potential sanctions for non-compliance range from fines to prison sentences for serious breaches, but negative press coverage can have the biggest impact on a business, especially for companies relying on the trust and integrity of their brand.
The Information Commissioner is looking to extend his powers to include surprise inspections of companies.
It’s not only the ICO that can take action. A man recently won damages against a firm that continued to send unsolicited emails after he asked for them to stop.
Many companies fail to have a privacy policy on their website, allow employees access to systems containing personal details that they have no need to see, keep their records far too long and then dispose of them inappropriately – all potentially serious breaches of the Act. The Commissioner also discovered numerous instances where personal data had been sold and re-used contrary to the original purpose given for collecting it.
Is this a fuss about nothing? The short answer is no. Sanctions and negative press are one thing, but more important are the issues of identity theft and the sharing of information with, amongst others, cold-calling companies. As Mr Thomas suggests, it is a matter of respect for the privacy of the individual.
So what should you do to make sure that your company is not reported to the Information Commissioner? A good starting point is the Information Commissioner’s Office website, with its many useful guides and tips. A more robust approach is to carry out a data protection compliance audit reviewing the collection and processing of all personal data within the company. This will identify non-compliance and suggest ways of rectifying it.
On a positive note, most of the audits that we undertake in the Westcountry do identify significant non-compliance, but usually a practical and cost-effective solution can be implemented to rectify it.
Published 24/07/2007. The author of this article is Edmund Probert.