Lawyer questions Tories' plan to reform Data Protection Act

Don't make things worse

I have to process data under the DPA and the act is fine as it is. It covers good data management, and is not burdensome at all - on the whole the DPA is a pretty good piece of legislation.

I doubt you will find many people who do not think that data should be processed securely, inaccurate data should be corrected and out-of-date data removed. It's all good data management practice - and I suspect if the act was repealed a lot of companies would still follow the same principles anyway.

Not surprising

It's not a surprise that the people driving this ten-years-out-of-date 'report' don't like the DPA. After all, the Conservative Party's biggest supporters continue to be executives and owners of business. If the DPA is a robust, easy-to-comply-with piece of legislation, it would share some traits with the Sarbanes Oxley Act. The most common trait? That business owners and executives hate it because it requires A) Documentation of sound business procedures and processes and, B) Evidence that such sound, etc., etc. were followed. When Sarbanes Oxley was introduced, I was amused to hear one executive fume, "It's a waste of time! All it does is force us to write down what we do!" Well, yes. Rather the point there.

I am, however, a little concerned (no, not by Redwood's raising his Vulcan head again) by the Conservative Party's priorities. While I recognise that they must play to their core constituency, is the DPA the most prized target? Wouldn't a little more effort on modifying the Illegal Immigrants' & Criminals' Rights Act (aka 'Human Rights Act') be a higher priority for most Outraged In Tunbridge Wells'?

Title

So on the one hand the Tories say they will scrap ID cards, which is a massive threat to privacy in the UK. On the other hand they also want to scrap the Data Protection Act, which is the one thing that tries to keep our data private and stands between us and a total free for all in terms of companies/public sector using and sharing our information in what ever way they want. Well done chaps. How about some coherence here.

As Ben has pointed out, decent organisations which respect their customers would do all these things anyway - keep information confidential and secure. And those that don't comply can hardly complain that DPA is burdensome.

The DPA is probably fine for smaller data controllers...

...it's the larger one's that suffer.

I complete Subject Access Requests for a large multinational telecoms company and would never question an individuals rights to access the data we hold, what I would question are the statuatory fees we are allowed to charge for providing this data. £10 doesn't even cover the postage costs involved in sending the data we hold out and it most defintley does not cover my time.

I notice the the Goverment have worked a sliding charging scale into the Freedom Of Information Act so the Civil Servants can charge fair rates for the provision of data and it's doesn't end up out of pocket, unfortunatley, the public sector can only charge a tenner which is just totally unrealistic!

The only thing that needs revising in relation to the DPA is a sliding charges scale and a review period, so they are obliged to review the charging scale either in line with inflation or over 10 years or so.

The only other comment I have to make are the people who request all data held just for the hell of it, as stated I won't question a persons rights to access the data we hold, but only ask for the data you need! As much as it pleases me to box it all up and send it out to you, it's a massive waste of paper and we both know that the bulk of the data I send out will end up straight in the bin when you realise just how much stuff you've been sent that is of absolutley no use to you whatsoever!