The Data Protection Act, ten years on

As the UK’s main data security law turns ten, IT vendors and lawyers question if it’s still fit for purpose in today’s increasingly networked world.

The Data Protection Act (DPA) 1998 is ten years old today. Originally created to safeguard our personal information, some have questioned whether it is still fit for purpose.

The question is particularly pertinent, coming only a day after the The Office of the Information Commissioner (ICO) launched a scathing attack on government database expansion plans, following a series of high profile UK public and private sector data losses and rising online ID theft.

Jamie Cowper, marketing director (EMEA) at data protection specialist PGP Corporation, said it was difficult not to break data security laws in a world of electronic information that has changed almost completely since the act was enacted.

"The sheer proliferation of data within both public and private sector organisations in terms of stored records and transactions is mind-boggling," Cowper said. "As a result, I'd be surprised if nearly all companies aren't in some way contravening the act as it currently stands, whether they realise it or not."

He added: "The increased reporting of data loss incidents from missing CDs to hacked databases has simply shown how lax many organisations have become in following the guidelines laid out by the Act. If the DPA is to be of use in reducing such incidents, it must be positioned as a visible deterrent with punitive powers."

Cowper, like many others, said the DPA was a good step in the right direction, and has definitely done a lot to raise awareness of how consumers' personal information is used and sometimes abused by organisations. "However, it has perhaps been less effective in penalising those companies that have mishandled data, with, for instance, permission for inspections needed before any action can be taken," he said.

Dai Davis, partner at law firm Brooke North agreed the DPA was not fit for purpose. But he said the recent addition of criminal penalties for failing to comply with an ICO enforcement notice - such as those issued to Her Majesty's Revenue and Customs (HMRC) and the Ministry of Defence (MoD) yesterday - was a step in the right direction towards giving the law some teeth.

"The use of data and its value is manifestly greater than it was ten years ago and will continue to increase in importance over the next ten years," he said. "I think what we're seeing, with the Information Commissioner more willing to use his enforcement powers now there's some clout behind them, is good."

But Davis added: "We also need to give the authorities charged with investigating the crimes of data abuse, like the former Hi-Tech Crime Unit, much more funding."

The ICO told IT PRO: "The Data Protection Act has a crucial role in ensuring our personal information is effectively protected. It requires organisations to ensure that our personal information is stored and processed securely, that it is accurate and up to date and that it is not kept for longer than is necessary.

"Recent security breaches have reinforced the importance of data protection and we continue to urge the public and private sectors to take data protection seriously or risk losing the confidence and trust of individuals."

"It is equally important that individuals understand the value of their personal details and take appropriate steps to protect them. The Act gives us all important rights and protection in an age where more and more of our personal information is being collected and traded," the watchdog said.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows Server flaw sparks emergency US gov warning
vulnerability

Windows Server flaw sparks emergency US gov warning

21 Sep 2020