A code of conduct for handling personal data was launched in London yesterday. But the document is inconsistent on the need for consent when collecting personal data, according to a data protection expert. Sometimes consent is not necessary, he said. The Personal Data Guardianship Code was published jointly by the British …
"to allow Government departments to share citizens' personal information with ...and with the private sector"
too effing right!
"two years" - waste of time
We can have a hundred 'guides' but without any legislation they are not worth the paper they are printed on.
What is legal is not necessarily the same as what is right
The lawyer quoted in the article should read the guide more carefully. The guide does not claim to state the legal position, but rather to provide guidance on best practice. This is not just a matter of what the law says, but a rather how to strike a reasonable balance between the benefits and risks of personal data holdings, both for the individual and for the organisation holding the data.
Given increasing sharing of data between organisations, and the infamous Clause 152 in the C&J Bill, the matter of consent, especially for re-use of personal data for purposes other than those for which it was originally collected, is of central importance to best practice. The Data Protection Act was formulated long ago and, whilst its pronciples are still sound, they do not fully cater for the capabilities of modern, highly interconnected IT systems.
As MPs have recently discovered, merely obeying the rules (or law) does not make an action right.