Saturday, 14 February 2009

Investigating data protection breaches

The Data Protection Act is a fearsome piece of bureaucratic legislation, which paradoxically has only a few rather blunt teeth. In the light of escalating numbers of cases where businesses are breaking the Act's requirements (and here too), the Information Commissioner has been reiterating a theme that has run through his tenure in that position - that his office can't really be expected to achieve a lot without powers of investigation. He rightly points out that food hygiene laws would be pretty useless if inspectors had to get restaurants to consent to being investigated.

More to the point, perhaps, is the Competition Act which dates like the DPA from 1998. The Office of Fair Trading has draconian powers to investigate infringements of the competition rules. What on earth possessed the legislature (and we should probably blame the European Council and its directive) to omit such an important element? No wonder data protection laws are so rarely taken as seriously as they should be. I can't see why they should be any less rigorous, in their field, than the competition laws.

Parliament is considering legislation that will give the ICO powers to investigate, and when they come along - which won't be very soon - they will be very welcome, except to those who don't take the trouble to comply: like government departments, although their abysmal record is now becoming matched by that of the private sector.

Richard Thomas, the Information Commissioner, retires in the summer, and could be excused for counting the days. I wonder what his successor is thinking? Perhaps I'll see him on the train before long and ask him ...

No comments:


blogger templates | Make Money Online