Data Protection Warning! - Employment Law News Autumn 2007
01 October 2007
The Data Protection Act 1998 (DPA) is enforced by the Information Commissioner’s Office which released its annual report in July 2007. It reported that a horrifying number of companies, government departments and other public bodies have reached data protection rules in the past year.
Richard Thomas, the Information Commissioner, said that “Over the last year we have seen far too many careless and inexcusable breaches of people’s personal information. The role call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying”.
The Information Commissioner’s Office received nearly 24,000 enquiries and complaints about personal information issues. Richard Thomas said that he wanted greater powers to check on the behaviour of companies and their compliance with the DPA including the right to enter business premises and carry out inspection without permission. He is also lobbying for the creation of a two year jail sentence for people deliberately abusing personal data.
Mr Thomas gave a clear message to businesses that those at the top of organisations must respect the privacy of individuals and the integrity of information held about them and to embrace data protection positively.
Internet businesses, banks and direct marketing organisations received the majority of complaints from the public. The complaints received ranged from banks dumping copies of highly confidential customer information in bins outside their premises, to employees at the mobile phone company, Orange, sharing passwords and usernames that allowed unauthorised access of customer data. There were also numerous complaints from people who were being sent direct marketing material despite requesting that it is not sent.
We would advise that all businesses look at the following checklist to help them see if they comply with the DPA. Even if you are able to answer “yes” to every question that does not guarantee compliance, but it should mean that you are heading in the right direction:
- Do I really need this information about an individual?
- Do the people whose information I hold know that I've got it, and what it will be used for?
- Am I satisfied the information is being held securely, whether it's on paper or on computer?
- Is access to personal information limited to those with a strict need to know?
- Am I sure the personal information is accurate and up to date?
- Do I delete or destroy personal information as soon as I have no more need for it?
- Have I trained my staff in their duties and responsibilities under the DPA?
- Do I need to notify the Information Commissioner and, if so, is my notification up to date?
Related Documents
- Employment Law News Autumn 2007
File size: 125 KB
Date published: 29/11/2007
‹ Back
Please call 0845 603 10 57 to speak to a member of our team
- Services for Business
- Services for Individuals
- › Residential Property
- › French Property Law
- › Family Law Kent
- › Family Mediation
- › Civil Partnerships
- › Personal Injury Claims
- › Professional Negligence
- › Wills, Tax and Estate Planning
- › Disputed Wills, Estates and Trusts
- › Estates and Trust Administration
- › Affairs of the Older Person
- › Notary Public
- › Financial Services for Individuals
- Pages recently added
- › Current Vacancies
- › Top Tips on French Laws of Succession
- › What to do when buying French Property
- › The Basics of Buying French Property
- › Trusts Legal Terms Explained
- › Inheritance Tax (IHT) Jargon Buster
- › Wills and Estate Planning Jargon Buster
- › Powers of Attorney Glossary
- › People Involved in Making a Will
- › Conveyancing Jargon Buster [M to Z]