Most of the provisions of the Data Protection Act 1998
came into force more than a year ago, on 1st March 2000. However, the
Act provided for two "transition periods", during which
organisations would be expected to bring their older systems up to
scratch. The first of these periods comes to an end at midnight on 23rd
October 2001: (the second of the deadlines does not arrive until 2007).
This seemed to provide a good opportunity to test
whether the Web can help those who are faced with dealing with the
forthcoming deadline. The most obvious port of call is the Information
Commissioner’s site at www.dataprotection.gov.uk.
However, this tries to anticipate every kind of detailed question about
data protection. Over the years, a lot of material has accumulated on
the site, and it has become rather cumbersome to search and use.
If you are looking for a simple explanation of basic
requirements, say for meeting the October deadline, then you will
probably be better off browsing through the sites of some of the
commercial law firms. For example, Read Hind Stewart have built a neat
guide to the main provisions of the Act at www.rhs-law.co.uk.
This exploits the ability of web technology to let you to
"click" your way around the topics in the order that suits
you. Of course it is not long before you realise that most of the links
lead you to a point where it is suggested, in the nicest possible way,
that you will need further help and advice from the lawyers. All these
sites also carry extensive disclaimers, denying liability for the
accuracy of anything on the public pages. Nevertheless, it is still a
much easier way to get started than with many of the more official
sources.
Other firms which provide coverage of Data Protection
issues include:
Rowe and Mawe at www.roweandmaw.co.uk.
Their quarterly IP & IT Newsletter carries short, punchy
articles about current aspects of Data Protection enforcement.
Pinsent Curtis Biddle. This site carries Advice
Notes on Data Protection, but it can be difficult to find these via
the search facilities. For a specific example see www.pinsentcurtis.com/uploads/Data_Protection.pdf.
On the Bermans site at www.bermans.co.uk
you can select from a number of short explanatory pages on Data
Protection topics, (including the various transitional provisions).
Masons at www.masons.com
offer some interesting short articles on specific aspects of Data
Protection (for example, the new rules regarding the use of names and
addresses from Electoral Registers. See Services/Data Protection).
Masons also run courses on Data Protection law (see under Events).
At this point, this column must make its own disclaimer.
There are no doubt some other excellent sites out there. There is no
intention to recommend or endorse the ones which happen to be listed
above. However, it should perhaps be mentioned that there are also some
duff sites around, which will be spared the embarrassment of having
their URL’s printed here. In most cases, these seem to have launched a
"topical" page about the legislation a year or two ago, but
have failed to make any updates to it since.
If you are looking for a more detailed overview of the
1998 Act, a more formal guide can be found at the site of the University
of Teesside: see http://lis-lrdtnt1.tees.ac.uk/copyright/Data-Prot/DATAPROT.htm.
This explains all the main provisions, with footnotes identifying the
relevant clauses and appendices. For a code of practice for Data
Protection, another academic site can be recommended at www.jisc.ac.uk/pub00/dp_code.html.
This code, prepared by the Joint Information Systems Committee, is
geared to the needs of Higher and Further Education institutions, but is
well indexed, and could provide a useful blueprint for anyone faced with
preparing a similar code for a different type of organisation.
Finally, there are a number of sites whose coverage of
privacy issues is decidedly not official. Could it be, for example, that
your company has been nominated for the Big Brother awards, for failure
to respect individual privacy? The answer will be found at the site of
Privacy International, at www.privacyinternational.org.
For some other more generally sceptical views and discussions on
privacy, particularly in connection with commerce on the Internet, see
the Electronic Frontier Foundation (www.eff.org)
and the Electronic Privacy Information Center (www.epic.org).
For a discussion centred more on the UK and Europe, see the Foundation
for Internet Policy Research site, at www.fipr.org.
None of these sites will offer you much practical help with meeting the
Data Protection Act transition deadlines, but they should at least
provide an interesting diversion, and a lively reminder of why privacy
matters to a good many of your clients and customers.
Andrew Hawker can be contacted at the University of
Birmingham on 0121 414 6675 or by email A.Hawker#bham.ac.uk |
