--------------------------------------------------------------This story was printed from ZDNet UK,
located at http://news.zdnet.co.uk/
--------------------------------------------------------------
Location: http://news.zdnet.co.uk/story/0,,t269-s2097953,00.html
Consumers gain new rights over data
Wendy McAuliffe
British consumers have been granted new data protection rights today
(Wednesday), which will allow them to access any personal information
held about themselves by companies.
The first transitional deadline for compliance to the Data Protection Act
1998 expires on 24 October, 2001, and UK companies will be required to
comply with new data processing principles that place the balance of
rights back in the hands of the consumer. Companies found to be in breach
of the Act could face an unlimited fine in a Crown Court.
Individuals will be able to demand access to any personal data that is
held on them by a company in the UK -- whether electronically or on paper
-- for a maximum fee of £10. Manual records were not covered by the old
rules. Access to medical records will now be slightly more costly,
amounting to a maximum charge of £50 for a mixture of manual and
computerised records. Companies will also be obliged to provide more
information about their purposes for processing personal data on request,
and must also reveal the source of their data. Consumers who are refused
access to their records are now entitled, for the first time in the UK,
to take the case before a magistrate court.
"There will be substantial compensation available for financial loss
which has caused harm or distress through the processing of personal
information in breach of the provisions of the Act," said Dave Clancy,
strategic policy officer to the Information Commissioner (formerly the
Data Protection Commissioner).
The Act defines personal data as "data which relates to a living
individual who can be identified" by that data. The principles offered by
the Information Commissioner advise that "data controllers should
consider whether or not and, if so, the extent to which, a decision not
to treat the information as being covered by the Act will prejudice the
individual concerned."
There are eight data protection principles in the Act. The Information
Commissioner has the power to issue an enforcement notice to any
organisation found to be in breach of any of the principles, which could
result in a £5,000 fine in Magistrates Court, or an unlimited fine in a
Crown Court. Depending on the nature of the breach, the Commissioner may
decide to offer educational advice instead.
"We are not looking to make examples of companies at the moment -- action
is ongoing, irrespective of date," said Clancy. "It is business as
normal, we are not going to get out the big stick."
Companies set up after 24 October 1998 did not have the benefit of the
first transitional period, and should already be compliant with the eight
data protection principles. "These companies have been informed of their
obligations by a number of bodies, and so have no excuse for being in
breach of data protection principles," said Clancy.
************************************************************************************
Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion
list made up of people who are interested in the interdisciplinary academic
study of Cyber Society in all its manifestations.To join the list please visit:
http://www.jiscmail.ac.uk/lists/cyber-society-live.html
*************************************************************************************
|