Data Protection Non Compliance

March 24, 2009

It was interesting to read this report in Out-law that a quarter of Government’s databases are probably illegal.  This follows a report by the Joseph Rowntree Reform Trust (JRRT) into UK’s public databases.

If so many public databases are non compliant my guess is that double that number are non compliant in the private sector.  A typical area of non compliance is the sharing of data between related companies.  Another area where the law is flagrantly disregarded, certainly by small businesses, is in giving access to data from outside the EU.

The problem with Data Protection laws is the lack of adequate budgets to allow for  real and effective enforcement of the law.  However, any FSA regulated business needs to beware as the FSA imposes draconian fines.  For example in January last year it fined HFC Bank Ltd for filing to take reasonable care, among other things, to have adequate systems and controls for the sale of its insurance
and in June last year it fined Merchant Securities Group Limited for not adequately protecting its customers from the risk of identity fraud.
These are just two random fines I found by searching for Data Protection fines on the FSA’s website.
It is important that companies appreciate that even if the Information Commissioner does not impose hefty fines on them for breaches of data protection, they would suffer serious  damage to reputation if their data breaches were to be discovered and highlighted in the public domain.