I guess it depends upon whether you consider *not being fined* as the only
benefit accruing from a DP officer. Given the increasing number of US
firms with "Privacy Officers" (in a regulatory environment which appears
considerably more lax than our own), perhaps they can see other benefits.
Examples of other benefits might be:

* improved customer/client relations - providing customers and clients with
what the privacy surveys keep telling us they want (even if the customers
and clients often act in different ways in real life). A firm which
demonstrates (or appears to demonstrate) respect for its customer/client
personal data may gain a competitive edge over rivals who do not (or do not
adequately publicise the fact that they do). Equally government agencies
are likely to find citizens more likely to co-operate when those agencies
demonstrate an understanding of the dignity and respect issues relating to
the collection and exchange of personal data.

* the ability to deal with overlapping legislation and records management -
in my experience DP officers often handle a much wider portfolio than basic
DP - as you note, many DP staff are also going to be dealing with FOI
matters. Also both DP and FOI may result in organisations rethinking their
data handling structures, and DP officers often play a role in developing
the whole records management process. A company that is DP compliant will
in theory also be a company that makes effective use of the data that it
needs, maintains mechanisms for ensuring the accuracy of the data it needs,
and discards the data that it does not need.

* a means to involve staff and customers/clients in helping the
organisation keep its records accurate, and a forum for channelling and
dealing with some staffing/personnel issues.

These matters are of benefit (albeit perhaps difficult to quantify in terms
of cold hard cash) additional to not being hit with the occasional fine.

Andrew


--On Wednesday, October 09, 2002 5:22 PM +0100 Duncan Smith
<[log in to unmask]> wrote:

> All this talk of salaries leads me to an interesting (controversial?)
> thought.
>
> Given that the largest fine handed out by the Information Commissioner
> (Annual report 01/02) appears to be less than £8k (to poor old London
> Borough of Havering), does it make economic sense to hire someone at
> £25k (£50k with all associated benefits and 'usual' on-costs) to manage
> responsibilities inherent with Data Protection Act 1998 (and FOI I
> guess)?
>
> I haven't seen any claims for compensation through the courts yet, nor
> have I seen any really juicy 'reputational damage' issues.
>
> I am reminded of Jeremy Clarke's 'bangernomics' (run a £250 car into the
> ground and buy a new one, rather than pay £400 in servicing).
>
> Regards,
>
> Duncan S Smith
> Principal Consultant

Andrew Charlesworth
Senior Research Fellow in IT and Law
Director, Centre for IT and Law
School of Law/Department of Computer Science
University of Bristol
Wills Memorial Building
Queens Road, Bristol BS8 1RJ

Tel: 0117 954 5355 (Law), 0117 954 5633 (CompSci)
Fax: 0117 925 1870 (Law), 0117 954 5208 (CompSci)
E-mail: [log in to unmask]
        [log in to unmask]

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^