IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

The Data Protection Act, ten years on

As the UK’s main data security law turns ten, IT vendors and lawyers question if it’s still fit for purpose in today’s increasingly networked world.

The Data Protection Act (DPA) 1998 is ten years old today. Originally created to safeguard our personal information, some have questioned whether it is still fit for purpose.

The question is particularly pertinent, coming only a day after the The Office of the Information Commissioner (ICO) launched a scathing attack on government database expansion plans, following a series of high profile UK public and private sector data losses and rising online ID theft.

Jamie Cowper, marketing director (EMEA) at data protection specialist PGP Corporation, said it was difficult not to break data security laws in a world of electronic information that has changed almost completely since the act was enacted.

"The sheer proliferation of data within both public and private sector organisations in terms of stored records and transactions is mind-boggling," Cowper said. "As a result, I'd be surprised if nearly all companies aren't in some way contravening the act as it currently stands, whether they realise it or not."

He added: "The increased reporting of data loss incidents from missing CDs to hacked databases has simply shown how lax many organisations have become in following the guidelines laid out by the Act. If the DPA is to be of use in reducing such incidents, it must be positioned as a visible deterrent with punitive powers."

Cowper, like many others, said the DPA was a good step in the right direction, and has definitely done a lot to raise awareness of how consumers' personal information is used and sometimes abused by organisations. "However, it has perhaps been less effective in penalising those companies that have mishandled data, with, for instance, permission for inspections needed before any action can be taken," he said.

Dai Davis, partner at law firm Brooke North agreed the DPA was not fit for purpose. But he said the recent addition of criminal penalties for failing to comply with an ICO enforcement notice - such as those issued to Her Majesty's Revenue and Customs (HMRC) and the Ministry of Defence (MoD) yesterday - was a step in the right direction towards giving the law some teeth.

"The use of data and its value is manifestly greater than it was ten years ago and will continue to increase in importance over the next ten years," he said. "I think what we're seeing, with the Information Commissioner more willing to use his enforcement powers now there's some clout behind them, is good."

But Davis added: "We also need to give the authorities charged with investigating the crimes of data abuse, like the former Hi-Tech Crime Unit, much more funding."

The ICO told IT PRO: "The Data Protection Act has a crucial role in ensuring our personal information is effectively protected. It requires organisations to ensure that our personal information is stored and processed securely, that it is accurate and up to date and that it is not kept for longer than is necessary.

"Recent security breaches have reinforced the importance of data protection and we continue to urge the public and private sectors to take data protection seriously or risk losing the confidence and trust of individuals."

"It is equally important that individuals understand the value of their personal details and take appropriate steps to protect them. The Act gives us all important rights and protection in an age where more and more of our personal information is being collected and traded," the watchdog said.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021
ICO publishes new data protection standards for the adtech industry
data protection

ICO publishes new data protection standards for the adtech industry

25 Nov 2021
Celebrity data leaked after ransomware attack on London's Graff jewellers
ransomware

Celebrity data leaked after ransomware attack on London's Graff jewellers

1 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022