The Data Protection Act, ten years on

As the UK’s main data security law turns ten, IT vendors and lawyers question if it’s still fit for purpose in today’s increasingly networked world.

The Data Protection Act (DPA) 1998 is ten years old today. Originally created to safeguard our personal information, some have questioned whether it is still fit for purpose.

The question is particularly pertinent, coming only a day after the The Office of the Information Commissioner (ICO) launched a scathing attack on government database expansion plans, following a series of high profile UK public and private sector data losses and rising online ID theft.

Jamie Cowper, marketing director (EMEA) at data protection specialist PGP Corporation, said it was difficult not to break data security laws in a world of electronic information that has changed almost completely since the act was enacted.

"The sheer proliferation of data within both public and private sector organisations in terms of stored records and transactions is mind-boggling," Cowper said. "As a result, I'd be surprised if nearly all companies aren't in some way contravening the act as it currently stands, whether they realise it or not."

He added: "The increased reporting of data loss incidents from missing CDs to hacked databases has simply shown how lax many organisations have become in following the guidelines laid out by the Act. If the DPA is to be of use in reducing such incidents, it must be positioned as a visible deterrent with punitive powers."

Cowper, like many others, said the DPA was a good step in the right direction, and has definitely done a lot to raise awareness of how consumers' personal information is used and sometimes abused by organisations. "However, it has perhaps been less effective in penalising those companies that have mishandled data, with, for instance, permission for inspections needed before any action can be taken," he said.

Dai Davis, partner at law firm Brooke North agreed the DPA was not fit for purpose. But he said the recent addition of criminal penalties for failing to comply with an ICO enforcement notice - such as those issued to Her Majesty's Revenue and Customs (HMRC) and the Ministry of Defence (MoD) yesterday - was a step in the right direction towards giving the law some teeth.

"The use of data and its value is manifestly greater than it was ten years ago and will continue to increase in importance over the next ten years," he said. "I think what we're seeing, with the Information Commissioner more willing to use his enforcement powers now there's some clout behind them, is good."

But Davis added: "We also need to give the authorities charged with investigating the crimes of data abuse, like the former Hi-Tech Crime Unit, much more funding."

The ICO told IT PRO: "The Data Protection Act has a crucial role in ensuring our personal information is effectively protected. It requires organisations to ensure that our personal information is stored and processed securely, that it is accurate and up to date and that it is not kept for longer than is necessary.

"Recent security breaches have reinforced the importance of data protection and we continue to urge the public and private sectors to take data protection seriously or risk losing the confidence and trust of individuals."

"It is equally important that individuals understand the value of their personal details and take appropriate steps to protect them. The Act gives us all important rights and protection in an age where more and more of our personal information is being collected and traded," the watchdog said.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021
Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021