Data protection: Bosses unaware, or are they studiously avoiding the issue?
The USA and Europe were facing a global trade war over the new Data Protection measures during 1999. No privacy - no trade we said ... and for the Americans, who have very loose privacy laws, there was a risk of losing billions of dollars worth of business.
The new European Directive obliged every country to conform to a set of common standards and an ultimatum was issued to Washington. Firms exporting personal data had to protect privacy. But instead of the US tightening up - and UK bosses seem to be trying to ignore the issue ... Julie McCreadie suggests that ignorance will not always be bliss.
In early 1999 Elizabeth France, now Data Protection Commissioner, issued a warning against the introduction of 'look-up' services in the UK. These services, already well established in the USA, bring together extensive collections of personal data about ordinary citizens and make them available to anyone on the payment of a fee.
One way they can be developed is through routinely scanning newspapers to extract information and create at least a partial register of criminal convictions outside official control.
"We must take care to ensure that 'look up' type services do not develop in the UK unless they comply fully with the new Data Protection laws." She also warned our trading partners that personal data must be protected or there will be no trade.
The new Data Protection Bill received Royal Assent in 1988 and became official law in March this year. But what has been the reaction...?
These disturbing findings emerged from research by The Stationery Office (TSO), which has been responsible for publishing UK legislation and standards for 200 years. The research was carried out to find out the level of UK company directors' awareness of the Information Security Compliance (iSC) Standard and the Continuous Compliance Programme (CCP).
In addition to data protection, the independent iSC Standard covers UK laws on software copyright, computer misuse and the Companies Act. The programme enables all UK organisations to manage their IT legally and securely.
The Continuous Compliance Programme, encompassing the iSC Standard, is the first comprehensive programme for legal IT management. It provides a set of legal risk management procedures - health check, financial and business risk assessment, project plan, compliance resolution and independent certification and offers clear value for money, balanced against the penalties for non-compliance and the risks to the business.
The CCP ensures that subscribers comply with the iSC Standard, by re-certifying annually.
TSO's confidential research amongst directors of companies with over 100 employees also revealed that 45% of companies questioned had not nominated a Data Protection Officer; 27% had no-one who specifically dealt with IT legal compliance issues - one of the key aspects of the 1998 Data Protection Act - and only 3% planned to have someone in the near future.
When the iSC Standard and the CCP were explained to them, 79% of the sample said they believed both would be important to their business. Some 64% also said they were likely to plan a consultation about the CCP in the next 12 months ... the actual uptake is yet to be published.
IT compliance - The knowledge
TSO's survey also showed:
- Over one third of directors polled admitted not auditing their company's IT to check legalities, blaming lack of guidance from governing bodies, constant changes in legislation and the rapid pace of developments in IT.
- Computer viruses are of major concern to three quarters of directors. Over half are also concerned about data loss, and one third about data protection in terms of both potential legal and financial hazards for any business.
- 96% of those polled had access to e-mail or the internet, but 19% had no clear policy for using either of these essential business tools.
IT auditing and the law
Those interviewed who admitted not auditing their company's legal position on IT (18%) blamed constant changes in legislation.
Two other surprising and possibly costly findings were that 48% of the directors surveyed did not have a policy in place which complied with the Companies Act, despite being personally liable for the consequences of legal breaches. And one in three companies had no internal policy regarding the Computer Misuse Act.
The iSC Standard is continually updated to comply with latest legislation, addressing one of the main reasons given by directors for non-compliance.
Public concern over personal
Central to the campaign is a new graphic signpost called the 'Information Padlock', unveiled to the general public by GMTV's Fiona Philips at London's Data 2000 conference.
The signpost has been devised for use by organisations requesting personal information and must only be used in conjunction with an explanation of why the information is being requested and for what purpose(s) it will be used.
At the conference Elizabeth France, the Data Protection Commissioner said, "This is another important step towards ensuring people and companies have the information they need about how their personal information is being processed by both the private and public sector."
The move is in line with the new Data Protection laws, introducing tighter controls over the use of individuals' records, requiring organisations to be more open about the intended use of information, following the 'eight principles of good information handling'.
Mrs France continued, "Responsibility for good information handling lies with the Data Controllers and the introduction of this signpost device is to make it easier for them to be open at the point of data collection. In turn, this will help individuals to see, at a glance, that their information is to be processed and for what purpose.
"With the benefit of this knowledge, they can go on to make choices about what information to provide and take steps to prevent any mishandling of it."
All organisations whose activities involve the collection of personal data are being asked to use the new signpost at any point where information is requested - this includes application forms, advertising coupons, websites etc.
Marlene Winfield of the National Consumer Council said "We are delighted to be working with the Data Protection Commissioner to introduce this important measure to help give consumers greater control over how their information is used.
"People giving personal information should look for and expect to see the Information Padlock. We hope it will quickly become established as the symbol of organisations with an open and fair approach to data handling. When it's not there, consumers should demand to know why."
Do people really care?
- 73% state that personal privacy is very important.
- 77% are concerned about the amount of information held (year on year +11%).
- 72% are concerned about the lack of openness from organisations on the information they process.
So what's the size of the problem ... and what is a database?
In today's environment of client server networks, wide area networks, corporate intranets and extranets, databases are becoming widely accessible to a growing number of users.
The concern for those who create, manage and update databases is to protect their investment in producing and marketing their databases through the use of intellectual property rights.
On the other hand, database users want to be able to access database information, while being confident that they are not infringing any third party rights when they use databases.
So what is a database?
What changes in how we
The Database Regulation has not changed the application of copyright law to the contents of a database. Separate copyright will still subsist in the individual items of data making up the database. For example, each of the plays in the collection of short plays is protected by copyright itself, and each of the items of information used in the Encarta encyclopaedia cannot be used without the consent of the copyright owner.
Were databases protected
Under English law, copyright protection extends to databases as original literary works, provided the work is not copied from an existing work and the author has expended some effort in compiling it. The contents may be entirely commonplace, and not subject to copyright in themselves (e.g. telephone numbers, share prices etc.), but if the compilation required much effort, or 'sweat of the brow', to put it together, it qualifies for copyright protection.
This is a very low standard of originality, and one not shared by many other jurisdictions, particularly Europe. Finally, UK copyright protection extends for the life of the author plus 70 years, which is a considerable amount of protection for a work which requires no creativity.
The purpose of the EC Directive on the legal protection of databases is to harmonise the copyright regime in the EU, and introduce a new, lesser right, the database right, which gives databases protection without extending to databases the full term of copyright protection.
While this is good news for most European countries, it has brought a mixed response in the UK where we already provide very generous protection for databases.
What is not covered?
Computer generated works currently enjoy copyright protection under the provision of the CDPA 1988, but they appear to lose that protection under the Database Regulations.
Who owns the database?
Where a database is made by an employee in the course of his employment, his employer is the maker of the database, subject to any agreement to the contrary.
Information on the iSC Standard on its dedicated website at
Details on the Technology means Business initiative on
Written and compiled by Julie McCreadie, a journalist and publisher for over 20 years. Now also advises companies on IT, new media and changes in the law - particularly regarding publishing, copyright and intellectual property. She is involved in the Technology means Business programme, managed by the Institute of Management and supported by the DTi to promote UK competition with better use of information and communications technology (ICT).